Nessus Report

Report generated by Tenable Nessus™

Proyecto4_CajaBlanca

Wed, 11 Feb 2026 20:57:33 CET

TABLE OF CONTENTS
Vulnerabilities by Host
192.168.122.168
Critical: 137 | High: 413 | Medium: 147 | Low: 22 | Info: 364
Scan Information
Start time: Wed Feb 11 20:27:22 2026
End time: Wed Feb 11 20:57:32 2026
Host Information
Netbios Name: VAGRANT-2008R2
IP: 192.168.122.168
MAC Address: 52:54:00:64:7E:B3
OS: Microsoft Windows Server 2008 R2 Standard Service Pack 1
Vulnerabilities

100995 - Apache 2.2.x < 2.2.33-dev / 2.4.x < 2.4.26 Multiple Vulnerabilities
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
According to its banner, the version of Apache running on the remote host is 2.2.x prior to 2.2.33-dev or 2.4.x prior to 2.4.26. It is, therefore, affected by the following vulnerabilities :

- An authentication bypass vulnerability exists due to third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase. An unauthenticated, remote attacker can exploit this to bypass authentication requirements. (CVE-2017-3167)

- A NULL pointer dereference flaw exists due to third-party module calls to the mod_ssl ap_hook_process_connection() function during an HTTP request to an HTTPS port. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-3169)

- A NULL pointer dereference flaw exists in mod_http2 that is triggered when handling a specially crafted HTTP/2 request. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. Note that this vulnerability does not affect 2.2.x. (CVE-2017-7659)

- An out-of-bounds read error exists in the ap_find_token() function due to improper handling of header sequences. An unauthenticated, remote attacker can exploit this, via a specially crafted header sequence, to cause a denial of service condition. (CVE-2017-7668)

- An out-of-bounds read error exists in mod_mime due to improper handling of Content-Type response headers. An unauthenticated, remote attacker can exploit this, via a specially crafted Content-Type response header, to cause a denial of service condition or the disclosure of sensitive information. (CVE-2017-7679)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache version 2.2.33-dev / 2.4.26 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.6441
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 99132
BID 99134
BID 99135
BID 99137
BID 99170
CVE CVE-2017-3167
CVE CVE-2017-3169
CVE CVE-2017-7659
CVE CVE-2017-7668
CVE CVE-2017-7679
Plugin Information
Published: 2017/06/22, Modified: 2025/12/15
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Installed version : 2.2.21
Fixed version : 2.2.33

101787 - Apache 2.2.x < 2.2.34 Multiple Vulnerabilities
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
According to its banner, the version of Apache running on the remote host is 2.2.x prior to 2.2.34. It is, therefore, affected by the following vulnerabilities :

- An authentication bypass vulnerability exists in httpd due to third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase. An unauthenticated, remote attacker can exploit this to bypass authentication requirements. (CVE-2017-3167)

- A denial of service vulnerability exists in httpd due to a NULL pointer dereference flaw that is triggered when a third-party module calls the mod_ssl ap_hook_process_connection() function during an HTTP request to an HTTPS port. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-3169)

- A denial of service vulnerability exists in httpd due to an out-of-bounds read error in the ap_find_token() function that is triggered when handling a specially crafted request header sequence. An unauthenticated, remote attacker can exploit this to crash the service or force ap_find_token() to return an incorrect value. (CVE-2017-7668)

- A denial of service vulnerability exists in httpd due to an out-of-bounds read error in mod_mime that is triggered when handling a specially crafted Content-Type response header. An unauthenticated, remote attacker can exploit this to disclose sensitive information or cause a denial of service condition. (CVE-2017-7679)

- A denial of service vulnerability exists in httpd due to a failure to initialize or reset the value placeholder in [Proxy-]Authorization headers of type 'Digest' before or between successive key=value assignments by mod_auth_digest. An unauthenticated, remote attacker can exploit this, by providing an initial key with no '=' assignment, to disclose sensitive information or cause a denial of service condition. (CVE-2017-9788)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache version 2.2.34 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.6441
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 99134
BID 99135
BID 99137
BID 99170
BID 99569
CVE CVE-2017-3167
CVE CVE-2017-3169
CVE CVE-2017-7668
CVE CVE-2017-7679
CVE CVE-2017-9788
Plugin Information
Published: 2017/07/18, Modified: 2025/12/10
Plugin Output

tcp/8585/www


Source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2
Installed version : 2.2.21
Fixed version : 2.2.34

158900 - Apache 2.4.x < 2.4.53 Multiple Vulnerabilities
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
The version of Apache httpd installed on the remote host is prior to 2.4.53. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.53 advisory.

- mod_lua Use of uninitialized value of in r:parsebody: A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Acknowledgements: Chamal De Silva (CVE-2022-22719)

- HTTP request smuggling: Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. Acknowledgements: James Kettle <james.kettle portswigger.net> (CVE-2022-22720)

- Possible buffer overflow with very large or unlimited LimitXMLRequestBody in core: If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Acknowledgements: Anonymous working with Trend Micro Zero Day Initiative (CVE-2022-22721)

- Read/write beyond bounds in mod_sed: Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. Acknowledgements: Ronald Crane (Zippenhop LLC) (CVE-2022-23943)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache version 2.4.53 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.6556
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.2 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-22719
CVE CVE-2022-22720
CVE CVE-2022-22721
CVE CVE-2022-23943
XREF IAVA:2022-A-0124-S
Plugin Information
Published: 2022/03/14, Modified: 2023/11/06
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Installed version : 2.2.21
Fixed version : 2.4.53

193421 - Apache 2.4.x < 2.4.54 Authentication Bypass
Synopsis
The remote web server is affected by an authentication bypass vulnerability.
Description
The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by an authentication bypass vulnerability as referenced in the 2.4.54 advisory.

- X-Forwarded-For dropped by hop-by-hop mechanism in mod_proxy: Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
Acknowledgements: The Apache HTTP Server project would like to thank Gaetan Ferry (Synacktiv) for reporting this issue

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache version 2.4.54 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0004
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-31813
XREF IAVA:2022-A-0230-S
Plugin Information
Published: 2024/04/17, Modified: 2024/04/18
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Installed version : 2.2.21
Fixed version : 2.4.54

161948 - Apache 2.4.x < 2.4.54 Multiple Vulnerabilities
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.54 advisory.

- Read beyond bounds via ap_rwrite(): The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Acknowledgements: The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue (CVE-2022-28614)

- Read beyond bounds in ap_strcmp_match(): Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. Acknowledgements: The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue (CVE-2022-28615)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache version 2.4.54 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.0
EPSS Score
0.0103
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)
CVSS v2.0 Temporal Score
4.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-28614
CVE CVE-2022-28615
XREF IAVA:2022-A-0230-S
Plugin Information
Published: 2022/06/08, Modified: 2024/04/18
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Installed version : 2.2.21
Fixed version : 2.4.54

170113 - Apache 2.4.x < 2.4.55 Multiple Vulnerabilities
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
The version of Apache httpd installed on the remote host is prior to 2.4.55. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.55 advisory.

- A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. (CVE-2006-20001)

- Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions. (CVE-2022-36760)

- Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. (CVE-2022-37436)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache version 2.4.55 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.3
EPSS Score
0.2314
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2006-20001
CVE CVE-2022-36760
CVE CVE-2022-37436
XREF IAVA:2023-A-0047-S
Plugin Information
Published: 2023/01/18, Modified: 2023/03/10
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Installed version : 2.2.21
Fixed version : 2.4.55

172186 - Apache 2.4.x < 2.4.56 Multiple Vulnerabilities
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
The version of Apache httpd installed on the remote host is prior to 2.4.56. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.56 advisory.

- HTTP request splitting with mod_rewrite and mod_proxy: Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like:

    RewriteEngine on
    RewriteRule ^/here/(.*) http://example.com:8080/elsewhere?$1; [P]
    ProxyPassReverse /here/ http://example.com:8080/

  Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Acknowledgements: finder: Lars Krapf of Adobe (CVE-2023-25690)

- Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting: HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. Acknowledgements: finder: Dimas Fariski Setyawan Putra (nyxsorcerer) (CVE-2023-27522)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache version 2.4.56 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.6704
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-25690
CVE CVE-2023-27522
XREF IAVA:2023-A-0124-S
Plugin Information
Published: 2023/03/07, Modified: 2023/10/21
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Installed version : 2.2.21
Fixed version : 2.4.56

153583 - Apache < 2.4.49 Multiple Vulnerabilities
Synopsis
The remote web server is affected by a vulnerability.
Description
The version of Apache httpd installed on the remote host is prior to 2.4.49. It is, therefore, affected by a vulnerability as referenced in the 2.4.49 changelog.

- A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. (CVE-2021-40438)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache version 2.4.49 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.1
EPSS Score
0.9443
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-40438
XREF IAVA:2021-A-0440-S
XREF CISA-KNOWN-EXPLOITED:2021/12/15
Plugin Information
Published: 2021/09/23, Modified: 2023/04/25
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Installed version : 2.2.21
Fixed version : 2.4.49

153584 - Apache < 2.4.49 Multiple Vulnerabilities
Synopsis
The remote web server is affected by a vulnerability.
Description
The version of Apache httpd installed on the remote host is prior to 2.4.49. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.49 changelog.

- ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. (CVE-2021-39275)

- Malformed requests may cause the server to dereference a NULL pointer. (CVE-2021-34798)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache version 2.4.49 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.4419
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-34798
CVE CVE-2021-39275
XREF IAVA:2021-A-0440-S
Plugin Information
Published: 2021/09/23, Modified: 2022/04/11
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Installed version : 2.2.21
Fixed version : 2.4.49

171356 - Apache HTTP Server SEoL (2.1.x <= x <= 2.2.x)
Synopsis
An unsupported version of Apache HTTP Server is installed on the remote host.
Description
According to its version, Apache HTTP Server is between 2.1.x and 2.2.x. It is, therefore, no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
Solution
Upgrade to a version of Apache HTTP Server that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Published: 2023/02/10, Modified: 2024/04/02
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Installed version : 2.2.21
Security End of Life : July 11, 2017
Time since Security End of Life (Est.) : >= 8 years

156860 - Apache Log4j 1.x Multiple Vulnerabilities
Synopsis
A logging library running on the remote host has multiple vulnerabilities.
Description
According to its self-reported version number, the installation of Apache Log4j on the remote host is 1.x and is no longer supported. Log4j reached its end of life prior to 2016. Additionally, Log4j 1.x is affected by multiple vulnerabilities, including :

- Log4j includes a SocketServer that accepts serialized log events and deserializes them without verifying whether the objects are allowed or not. This can provide an attack vector that can be exploited. (CVE-2019-17571)

- Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. (CVE-2020-9488)

- JMSSink uses JNDI in an unprotected manner allowing any application using the JMSSink to be vulnerable if it is configured to reference an untrusted site or if the site referenced can be accessed by the attacker. (CVE-2022-23302)

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
Solution
Upgrade to a version of Apache Log4j that is currently supported.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.4845
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2019-17571
CVE CVE-2020-9488
CVE CVE-2022-23302
CVE CVE-2022-23305
CVE CVE-2022-23307
CVE CVE-2023-26464
XREF CEA-ID:CEA-2021-0004
XREF CEA-ID:CEA-2021-0025
XREF IAVA:2021-A-0573-S
Plugin Information
Published: 2022/01/19, Modified: 2026/01/21
Plugin Output

tcp/445/cifs


Path : C:\ManageEngine\DesktopCentral_Server\lib\log4j-1.2.15.jar
Installed version : 1.2.15

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\axis2.war
Installed version : 1.2.15

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\axis2\WEB-INF\lib\log4j-1.2.15.jar
Installed version : 1.2.15

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase.war
Installed version : 1.2.17

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\log4j-1.2.17.jar
Installed version : 1.2.17

tcp/445/cifs


Path : C:\Program Files\elasticsearch-1.1.1\lib\log4j-1.2.17.jar
Installed version : 1.2.17

182252 - Apache Log4j SEoL (<= 1.x)
Synopsis
An unsupported version of Apache Log4j is installed on the remote host.
Description
According to its version, Apache Log4j is less than or equal to 1.x. It is, therefore, no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
Solution
Upgrade to a version of Apache Log4j that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Published: 2023/09/29, Modified: 2023/11/02
Plugin Output

tcp/0


Path : C:\ManageEngine\DesktopCentral_Server\lib\log4j-1.2.15.jar
Installed version : 1.2.15
Security End of Life : August 5, 2015
Time since Security End of Life (Est.) : >= 10 years

tcp/0


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\axis2.war
Installed version : 1.2.15
Security End of Life : August 5, 2015
Time since Security End of Life (Est.) : >= 10 years

tcp/0


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\axis2\WEB-INF\lib\log4j-1.2.15.jar
Installed version : 1.2.15
Security End of Life : August 5, 2015
Time since Security End of Life (Est.) : >= 10 years

tcp/0


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase.war
Installed version : 1.2.17
Security End of Life : August 5, 2015
Time since Security End of Life (Est.) : >= 10 years

tcp/0


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\log4j-1.2.17.jar
Installed version : 1.2.17
Security End of Life : August 5, 2015
Time since Security End of Life (Est.) : >= 10 years

tcp/0


Path : C:\Program Files\elasticsearch-1.1.1\lib\log4j-1.2.17.jar
Installed version : 1.2.17
Security End of Life : August 5, 2015
Time since Security End of Life (Est.) : >= 10 years

151425 - Apache Struts 2.0.0 < 2.5.26 Possible Remote Code Execution vulnerability (S2-061)
Synopsis
Apache Struts installed on the remote host is affected by Possible Remote Code Execution vulnerability
Description
The version of Apache Struts installed on the remote host is prior to 2.5.26. It is, therefore, affected by a vulnerability as referenced in the S2-061 advisory.

- Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. (CVE-2020-17530)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.5.26 or later. Alternatively, apply the workaround as referenced in the vendor's security bulletin.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.9438
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.2 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-17530
XREF IAVA:2020-A-0565-S
XREF CISA-KNOWN-EXPLOITED:2022/05/03
XREF CEA-ID:CEA-2021-0025
Exploitable With
Metasploit (true)
Plugin Information
Published: 2021/07/06, Modified: 2023/08/09
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.5.26

159667 - Apache Struts 2.0.0 < 2.5.30 Possible Remote Code Execution vulnerability (S2-062)
Synopsis
Apache Struts installed on the remote host is affected by Possible Remote Code Execution vulnerability
Description
The version of Apache Struts installed on the remote host is prior to 2.5.30. It is, therefore, affected by a vulnerability as referenced in the S2-062 advisory.

- The fix issued for CVE-2020-17530 (S2-061) was incomplete. Still some of the tag's attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation. (CVE-2021-31805)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.5.30 or later. Alternatively, apply the workaround as referenced in the vendor's security bulletin.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.9396
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.2 (CVSS2#E:F/RL:OF/RC:C)
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2022/04/12, Modified: 2023/11/02
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.5.30

213040 - Apache Struts 2.0.0 <=> 2.3.37(EOL) / 2.5.0 <=> 2.5.33 / 6.0.0 <=> 6.3.0.2 Remote Code Execution (S2-067)
Synopsis
Apache Struts installed on the remote host is affected by Remote Code Execution vulnerability
Description
The version of Apache Struts installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the S2-067 advisory.

- File upload logic is flawed vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067 (CVE-2024-53677)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version or later. Alternatively, apply the workaround as referenced in the vendor's security bulletin.
Risk Factor
Critical
CVSS v4.0 Base Score
9.5 (CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.9289
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-53677
XREF IAVA:2024-A-0821-S
Plugin Information
Published: 2024/12/16, Modified: 2026/01/21
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : Upgrade to a version greater than 2.3.37(EOL)

102960 - Apache Struts 2.1.x >= 2.1.2 / 2.2.x / 2.3.x < 2.3.34 / 2.5.x < 2.5.13 Multiple Vulnerabilities (S2-050 - S2-053)
Synopsis
A web application running on the remote host uses a Java framework that is affected by multiple vulnerabilities.
Description
The version of Apache Struts running on the remote host is 2.1.x subsequent or equal to 2.1.2, 2.2.x, 2.3.x prior to 2.3.34, or 2.5.x prior to 2.5.13. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability in the REST plugin. The Struts REST plugin uses an XStreamHandler with an instance of XStream for deserialization and does not perform any type filtering when deserializing XML payloads. This can allow an unauthenticated, remote attacker to execute arbitrary code in the context of the Struts REST plugin by sending a specially crafted XML payload. (CVE-2017-9805)

- A denial of service vulnerability in the XStream XML deserializer in the XStreamHandler used by the REST plugin. (CVE-2017-9793)

- A denial of service vulnerability when using URLValidator. (CVE-2017-9804)

- A flaw exists related to 'freemarker' tags, expression literals, 'views/freemarker/FreemarkerManager.java', and forced expressions that allows arbitrary code execution. (CVE-2017-12611)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.3.34 or 2.5.13 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.9432
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.5 (CVSS2#E:H/RL:OF/RC:C)
References
BID 100609
BID 100611
BID 100612
BID 100829
CVE CVE-2017-9793
CVE CVE-2017-9804
CVE CVE-2017-9805
CVE CVE-2017-12611
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Exploitable With
Core Impact (true) (true) Metasploit (true)
Plugin Information
Published: 2017/09/05, Modified: 2023/04/25
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.3.34
94336 - Apache Struts 2.3.1 < 2.3.31 / 2.5.x < 2.5.5 Convention Plugin Path Traversal RCE (S2-042)
Synopsis
A web application running on the remote host uses a Java framework that is affected by a remote code execution vulnerability.
Description
The version of Apache Struts running on the remote host is 2.3.1 prior to 2.3.31 or 2.5.x prior to 2.5.5. It is, therefore, affected by a remote code execution vulnerability in the Convention plugin due to a flaw that allows traversing outside of a restricted path. An unauthenticated, remote attacker can exploit this, via a specially crafted URL which could be used for path traversal and execution of arbitrary code on the remote server.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.3.31 / 2.5.5 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.1004
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
BID 93773
CVE CVE-2016-6795
Plugin Information
Published: 2016/10/27, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.3.31
97576 - Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (S2-045) (S2-046)
Synopsis
The remote host contains a web application that uses a Java framework that is affected by a remote code execution vulnerability.
Description
The version of Apache Struts running on the remote host is 2.3.5 through 2.3.31 or else 2.5.x prior to 2.5.10.1. It is, therefore, affected by a remote code execution vulnerability in the Jakarta Multipart parser due to improper handling of the Content-Type, Content-Disposition, and Content-Length headers. An unauthenticated, remote attacker can exploit this, via a specially crafted header value in the HTTP request, to potentially execute arbitrary code.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.3.32 / 2.5.10.1 or later.
Alternatively, apply the workaround referenced in the vendor advisory.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.9427
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID 96729
CVE CVE-2017-5638
XREF CERT:834067
XREF EDB-ID:41570
XREF EDB-ID:41614
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2017/03/07, Modified: 2025/12/30
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.3.32
101361 - Apache Struts 2.3.x Showcase App Struts 1 Plugin ActionMessage Class Error Message Input Handling RCE (S2-048)
Synopsis
The remote Windows host contains a web application that uses a Java framework that is affected by a potential remote code execution vulnerability.
Description
The version of Apache Struts running on the remote Windows host is 2.3.x. It is, therefore, potentially affected by a remote code execution vulnerability in the Struts 1 plugin showcase app in the ActionMessage class due to improper validation of user-supplied input passed via error messages. An unauthenticated, remote attacker can exploit this to execute arbitrary code.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Refer to the vendor advisory for recommendations on passing data to the 'ActionMessage' class.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.9424
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.2 (CVSS2#E:F/RL:OF/RC:C)
References
BID 99484
CVE CVE-2017-9791
XREF CISA-KNOWN-EXPLOITED:2022/08/10
Exploitable With
Core Impact (true) (true) Metasploit (true)
Plugin Information
Published: 2017/07/11, Modified: 2023/04/25
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.3.33
186643 - Apache Struts 2.5.0 < 2.5.33 / 6.0.0 < 6.3.0.2 Remote Code Execution (S2-066)
Synopsis
Apache Struts installed on the remote host is affected by a remote code execution vulnerability.
Description
The version of Apache Struts installed on the remote host is prior to 2.5.33 or 6.3.0.2. It is, therefore, affected by a vulnerability as referenced in the S2-066 advisory.

- An attacker can manipulate file upload params to enable path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. (CVE-2023-50164)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.5.33 or 6.3.0.2 or later. Alternatively, apply the workaround as referenced in the vendor's security bulletin.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.9286
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-50164
XREF IAVA:2023-A-0675-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/12/07, Modified: 2024/12/19
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.5.33
90773 - Apache Struts 2.x < 2.3.28.1 Multiple Vulnerabilities
Synopsis
The remote host contains a web application that uses a Java framework that is affected by multiple vulnerabilities.
Description
The version of Apache Struts running on the remote host is 2.x prior to 2.3.28.1. It is, therefore, affected by the following vulnerabilities :

- An unspecified flaw exists, related to chained expressions, when Dynamic Method Invocation (DMI) is enabled. An unauthenticated, remote attacker can exploit this, via a crafted expression, to execute arbitrary code. (CVE-2016-3081)

- A flaw exists in XSLTResult due to a failure to sanitize user-supplied input to the 'location' parameter when determining the location of an uploaded stylesheet. An unauthenticated, remote attacker can exploit this, via a request to a crafted stylesheet, to execute arbitrary code. (CVE-2016-3082)

- A flaw exists that is triggered when dynamic method invocation is enabled while using the REST plugin. A remote attacker can exploit this, via a specially crafted expression, to execute arbitrary code. (CVE-2016-3087)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.3.28.1 or later. Alternatively, apply the workarounds referenced in the vendor advisories.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.9405
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
References
BID 87327
CVE CVE-2016-3081
CVE CVE-2016-3082
CVE CVE-2016-3087
Exploitable With
CANVAS (true) Core Impact (true) (true) Metasploit (true)
Plugin Information
Published: 2016/04/28, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.3.28.1
143599 - Apache Struts 2.x < 2.5.26 RCE (S2-061)
Synopsis
Apache Struts installed on the remote host is affected by a remote code execution vulnerability.
Description
The version of Apache Struts installed on the remote host is 2.x prior to 2.5.26. It is, therefore, affected by a remote code execution vulnerability in its OGNL evaluation functionality due to insufficient validation of user input. An unauthenticated, remote attacker can exploit this to execute arbitrary commands on an affected host.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.5.26 or later. Alternatively, apply the workarounds as referenced in the vendor security bulletins.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.9438
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.2 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-17530
XREF IAVA:2020-A-0565-S
XREF CISA-KNOWN-EXPLOITED:2022/05/03
XREF CEA-ID:CEA-2021-0025
Exploitable With
Metasploit (true)
Plugin Information
Published: 2020/12/09, Modified: 2023/06/16
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.5.26
139607 - Apache Struts 2.x <= 2.5.20 Multiple Vulnerabilities
Synopsis
Apache Struts installed on the remote host is affected by multiple vulnerabilities.
Description
The version of Apache Struts installed on the remote host is 2.x prior to or equal to 2.5.20. It is, therefore, affected by multiple vulnerabilities:

- The Apache Struts framework, when forced, performs double evaluation of attributes' values assigned to certain tag attributes such as id so it is possible to pass in a value that will be evaluated again when a tag's attributes will be rendered. With a carefully crafted request, this can lead to Remote Code Execution (RCE). The problem only applies when forcing OGNL evaluation inside a Struts tag attribute, when the expression to evaluate references raw, unvalidated input that an attacker is able to directly modify by crafting a corresponding request. Example: List available Employees. If an attacker is able to modify the skillName attribute in a request such that a raw OGNL expression gets passed to the skillName property without further validation, the provided OGNL expression contained in the skillName attribute gets evaluated when the tag is rendered as a result of the request. The opportunity for using double evaluation is by design in Struts since 2.0.0 and a useful tool when done right, which most notably means only referencing validated values in the given expression. However, when referencing unvalidated user input in the expression, malicious code can get injected. In an ongoing effort, the Struts framework includes mitigations for limiting the impact of injected expressions, but Struts before 2.5.22 left an attack vector open which is addressed by this report. This issue is similar to: S2-029 and S2-036. (CVE-2019-0230)

- When a file upload is performed to an Action that exposes the file with a getter, an attacker may manipulate the request such that the working copy of the uploaded file is set to read-only. As a result, subsequent actions on the file will fail with an error. It might also be possible to set the Servlet container's temp directory to read only, such that subsequent upload actions will fail. In Struts prior to 2.5.22, stack-accessible values (e.g. Action properties) of type java.io.File and java.nio.File as well as other classes from these standard library packages are not properly protected by the framework to deny access to potentially harmful underlying properties. (CVE-2019-0233)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.5.22 or later or apply the workarounds as referenced in the vendor security bulletins.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.936
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.2 (CVSS2#E:F/RL:OF/RC:C)
References
CVE CVE-2019-0230
CVE CVE-2019-0233
XREF CEA-ID:CEA-2021-0004
XREF CEA-ID:CEA-2020-0113
Exploitable With
Metasploit (true)
Plugin Information
Published: 2020/08/14, Modified: 2022/12/06
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.5.22
118732 - Apache Struts <= 2.3.36 FileUpload Deserialization Vulnerability
Synopsis
A web application running on the remote host uses a Java framework that is affected by multiple denial of service vulnerabilities.
Description
The version of Apache Struts running on the remote host is 2.3.36 or prior. It is, therefore, affected by the following vulnerability:

- A deserialization vulnerability in Apache Commons FileUpload which could be leveraged for remote code execution. (CVE-2016-1000031)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.5.12 or later.
Alternatively, apply the workaround referenced in the vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.5009
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 93604
CVE CVE-2016-1000031
XREF TRA:TRA-2016-12
XREF IAVA:2018-A-0355-S
XREF CEA-ID:CEA-2021-0004
Plugin Information
Published: 2018/11/05, Modified: 2022/12/05
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.5.12
182281 - Apache Struts SEoL (2.3.0.x <= x <= 2.3.37.x)
Synopsis
An unsupported version of Apache Struts is installed on the remote host.
Description
According to its version, Apache Struts is between 2.3.0.x and 2.3.37.x. It is, therefore, no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
Solution
Upgrade to a version of Apache Struts that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Published: 2023/09/29, Modified: 2023/11/02
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Security End of Life : November 14, 2018
Time since Security End of Life (Est.) : >= 7 years

119499 - Elasticsearch ESA-2015-06
Synopsis
The remote web server hosts a Java application that is vulnerable.
Description
Elasticsearch versions prior to 1.6.1 are vulnerable to an attack that can result in remote code execution.
Solution
Users should upgrade to 1.6.1 or 1.7.0. Alternately, ensure that only trusted applications have access to the transport protocol port.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.399
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information
Published: 2018/12/07, Modified: 2019/11/01
Plugin Output

tcp/9200/elasticsearch


URL : http://192.168.122.168:9200/
Installed version : 1.1.1
Fixed version : 1.6.1 / 1.7.0
105752 - Elasticsearch Transport Protocol Unspecified Remote Code Execution
Synopsis
Elasticsearch contains an unspecified flaw related to the transport protocol that may allow a remote attacker to execute arbitrary code.
Description
Elasticsearch could allow a remote attacker to execute arbitrary code on the system, caused by an error in the transport protocol. An attacker could exploit this vulnerability to execute arbitrary code on the system.
Solution
Users should upgrade to 1.6.1 or 1.7.0. Alternately, ensure that only trusted applications have access to the transport protocol port.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.399
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information
Published: 2018/01/11, Modified: 2019/11/08
Plugin Output

tcp/9200/elasticsearch


URL : http://192.168.122.168:9200/
Installed version : 1.1.1
Fixed version : 1.6.1

117418 - KB4457145: Windows 7 and Windows Server 2008 R2 September 2018 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4457145 or cumulative update 4457144. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8457)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2018-8424)

- An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory. (CVE-2018-8410)

- An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8440)

- A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-8392, CVE-2018-8393)

- A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files. An attacker who successfully exploited the vulnerability could execute arbitrary code. (CVE-2018-8475)

- A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2018-8421)

- An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2018-8433)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8447)

- A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system. (CVE-2018-8420)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-8452)

- An elevation of privilege vulnerability exists in Windows that allows a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution. However, the vulnerability could allow arbitrary code to run if an attacker uses it in combination with another vulnerability, such as a remote code execution vulnerability or another elevation of privilege vulnerability, that can leverage the elevated privileges when code execution is attempted. The security update addresses the vulnerability by correcting how Windows parses files. (CVE-2018-8468)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2018-8442, CVE-2018-8443)

- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8419)

- An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-8434)

- An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory. (CVE-2018-8271)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8332)

- An information disclosure vulnerability exists when the browser scripting engine improperly handles object types. An attacker who has successfully exploited this vulnerability might be able to read privileged data across trust boundaries. In browsing scenarios, an attacker could convince a user to visit a malicious site and leverage the vulnerability to obtain privileged information from the browser process, such as sensitive data from other opened tabs. An attacker could also inject malicious code into advertising networks used by trusted sites or embed malicious code on a compromised, but trusted, site. The security update addresses the vulnerability by correcting how the browser scripting engine handles object types. (CVE-2018-8315)

- A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows a universal cross-site scripting (UXSS) condition. An attacker could use the UXSS vulnerability to access any session belonging to web pages currently opened (or cached) by the browser at the time the attack is triggered. (CVE-2018-8470)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8336, CVE-2018-8446)
Solution
Apply Security Only update KB4457145 or Cumulative Update KB4457144.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.7564
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID 105153
BID 105207
BID 105213
BID 105214
BID 105217
BID 105222
BID 105228
BID 105234
BID 105238
BID 105239
BID 105246
BID 105247
BID 105248
BID 105251
BID 105252
BID 105256
BID 105257
BID 105259
BID 105261
BID 105264
BID 105267
BID 105275
BID 105277
BID 105357
CVE CVE-2018-8271
CVE CVE-2018-8315
CVE CVE-2018-8332
CVE CVE-2018-8336
CVE CVE-2018-8392
CVE CVE-2018-8393
CVE CVE-2018-8410
CVE CVE-2018-8419
CVE CVE-2018-8420
CVE CVE-2018-8421
CVE CVE-2018-8422
CVE CVE-2018-8424
CVE CVE-2018-8433
CVE CVE-2018-8434
CVE CVE-2018-8440
CVE CVE-2018-8442
CVE CVE-2018-8443
CVE CVE-2018-8446
CVE CVE-2018-8447
CVE CVE-2018-8452
CVE CVE-2018-8457
CVE CVE-2018-8468
CVE CVE-2018-8470
CVE CVE-2018-8475
MSKB 4457144
MSKB 4457145
XREF MSFT:MS18-4457144
XREF MSFT:MS18-4457145
XREF CISA-KNOWN-EXPLOITED:2022/04/18
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2018/09/11, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4457144
- 4457145

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24231
118913 - KB4467106: Windows 7 and Windows Server 2008 R2 November 2018 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4467106 or cumulative update 4467107. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8552)

- A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8450)

- A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system. (CVE-2018-8256)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8570)

- An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory. (CVE-2018-8563)

- A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code. (CVE-2018-8415)

- A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. (CVE-2018-8476)

- An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8589)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8544)

- An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2018-8550)

- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2018-8408)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8562)

- A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2018-8553)

- An information disclosure vulnerability exists when the "Kernel Remote Procedure Call Provider" driver improperly initializes objects in memory. (CVE-2018-8407)

- An information disclosure vulnerability exists when the win32k component improperly provides kernel information.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-8565)
Solution
Apply Security Only update KB4467106 or Cumulative Update KB4467107.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.7286
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID 105774
BID 105777
BID 105778
BID 105781
BID 105783
BID 105786
BID 105787
BID 105789
BID 105790
BID 105791
BID 105792
BID 105794
BID 105796
BID 105797
BID 105805
CVE CVE-2018-8256
CVE CVE-2018-8407
CVE CVE-2018-8408
CVE CVE-2018-8415
CVE CVE-2018-8450
CVE CVE-2018-8476
CVE CVE-2018-8544
CVE CVE-2018-8550
CVE CVE-2018-8552
CVE CVE-2018-8553
CVE CVE-2018-8562
CVE CVE-2018-8563
CVE CVE-2018-8565
CVE CVE-2018-8570
CVE CVE-2018-8589
MSKB 4467107
MSKB 4467106
XREF MSFT:MS18-4467107
XREF MSFT:MS18-4467106
XREF CISA-KNOWN-EXPLOITED:2022/06/13
Plugin Information
Published: 2018/11/13, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4467107
- 4467106

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24291

119582 - KB4471328: Windows 7 and Windows Server 2008 R2 December 2018 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4471328 or cumulative update 4471318. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
(CVE-2018-8540)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2018-8595, CVE-2018-8596)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8631)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8639)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8477)

- An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory. (CVE-2018-8514)

- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8611)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8625)

- A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions. An attacker who exploited the vulnerability could run arbitrary code with medium-integrity level privileges (the permissions of the current user). (CVE-2018-8619)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2018-8643)

- A denial of service vulnerability exists when .NET Framework improperly handles special web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. (CVE-2018-8517)

- An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2018-8641)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2018-8621, CVE-2018-8622)
Solution
Apply Security Only update KB4471328 or Cumulative Update KB4471318.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.7999
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
References
CVE CVE-2018-8477
CVE CVE-2018-8514
CVE CVE-2018-8517
CVE CVE-2018-8540
CVE CVE-2018-8595
CVE CVE-2018-8596
CVE CVE-2018-8611
CVE CVE-2018-8619
CVE CVE-2018-8621
CVE CVE-2018-8622
CVE CVE-2018-8625
CVE CVE-2018-8631
CVE CVE-2018-8639
CVE CVE-2018-8641
CVE CVE-2018-8643
MSKB 4471328
MSKB 4471318
XREF MSFT:MS18-4471328
XREF MSFT:MS18-4471318
XREF CISA-KNOWN-EXPLOITED:2025/03/24
XREF CISA-KNOWN-EXPLOITED:2022/06/14
Plugin Information
Published: 2018/12/11, Modified: 2025/04/08
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4471328
- 4471318

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24308

122118 - KB4486564: Windows 7 and Windows Server 2008 R2 February 2019 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4486564 or cumulative update 4486563. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.
(CVE-2019-0630)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0623)

- An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0635)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2019-0661)

- An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victim's system. (CVE-2019-0600, CVE-2019-0601)

- A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0613)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-0621)

- An information disclosure vulnerability exists when the win32k component improperly provides kernel information.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2019-0628)

- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website. The security update addresses the vulnerability by changing the way Internet Explorer handles objects in memory.
(CVE-2019-0676)

- A vulnerability exists in certain .NET Framework APIs and Visual Studio in the way they parse URLs. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hostname. This could be used to cause privileged communication to be made to an untrusted service as if it were a trusted service.
(CVE-2019-0657)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0606)

- A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0618, CVE-2019-0662)

- An information disclosure vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.
(CVE-2019-0636)

- A spoofing vulnerability exists when Microsoft browsers improperly handle specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.
(CVE-2019-0654)

- A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. (CVE-2019-0626)

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)

- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
(CVE-2019-0663)
Solution
Apply Security Only update KB4486564 or Cumulative Update KB4486563.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.5622
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
Exploitable With
CANVAS (true) Core Impact (true)
Plugin Information
Published: 2019/02/12, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4486564
- 4486563

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24354

125063 - KB4499175: Windows 7 and Windows Server 2008 R2 May 2019 Security Update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (BlueKeep)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4499175 or cumulative update 4499164. It is, therefore, affected by multiple vulnerabilities :

- A new subclass of speculative execution side channel vulnerabilities, known as Microarchitectural Data Sampling, exists in Windows.
An attacker who successfully exploited these vulnerabilities may be able to read privileged data across trust boundaries. In shared resource environments (such as exists in some cloud services configurations), these vulnerabilities could allow one virtual machine to improperly access information from another. In non-browsing scenarios on standalone systems, an attacker would need prior access to the system or an ability to run a specially crafted application on the target system to leverage these vulnerabilities.
(CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)

- A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Framework (or .NET core) application. The update addresses the vulnerability by correcting how .NET Framework and .NET Core applications handle RegEx string processing. (CVE-2019-0820)

- A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. (CVE-2019-0885)

- An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel properly handles key enumeration. (CVE-2019-0881)

- An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. (CVE-2019-0936)

- A spoofing vulnerability exists when Internet Explorer improperly handles URLs. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. (CVE-2019-0921)

- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0940)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2019-0884, CVE-2019-0911, CVE-2019-0918)

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902)

- A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. (CVE-2019-0725)

- A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. (CVE-2019-0864)

- A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0708)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0758, CVE-2019-0882, CVE-2019-0961)

- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2019-0930)

- An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace an authentication request using Kerberos, allowing an attacker to be validated as an Administrator. The update addresses this vulnerability by changing how these requests are validated. (CVE-2019-0734)

- An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with administrator privileges. (CVE-2019-0863)

- A denial of service vulnerability exists when .NET Framework or .NET Core improperly handles web requests.
An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework or .NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework or .NET Core application.
The update addresses the vulnerability by correcting how .NET Framework or .NET Core web applications handle web requests. (CVE-2019-0980, CVE-2019-0981)

- A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0903)
Solution
Apply Security Only update KB4499175 or Cumulative Update KB4499164.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.9446
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
References
CVE CVE-2018-12126
CVE CVE-2018-12127
CVE CVE-2018-12130
CVE CVE-2019-0708
CVE CVE-2019-0725
CVE CVE-2019-0734
CVE CVE-2019-0758
CVE CVE-2019-0820
CVE CVE-2019-0863
CVE CVE-2019-0864
CVE CVE-2019-0881
CVE CVE-2019-0882
CVE CVE-2019-0884
CVE CVE-2019-0885
CVE CVE-2019-0889
CVE CVE-2019-0890
CVE CVE-2019-0891
CVE CVE-2019-0893
CVE CVE-2019-0894
CVE CVE-2019-0895
CVE CVE-2019-0896
CVE CVE-2019-0897
CVE CVE-2019-0898
CVE CVE-2019-0899
CVE CVE-2019-0900
CVE CVE-2019-0901
CVE CVE-2019-0902
CVE CVE-2019-0903
CVE CVE-2019-0911
CVE CVE-2019-0918
CVE CVE-2019-0921
CVE CVE-2019-0930
CVE CVE-2019-0936
CVE CVE-2019-0940
CVE CVE-2019-0961
CVE CVE-2019-0980
CVE CVE-2019-0981
CVE CVE-2019-11091
MSKB 4499164
MSKB 4499175
XREF MSFT:MS19-4499164
XREF MSFT:MS19-4499175
XREF CISA-KNOWN-EXPLOITED:2022/05/03
XREF CEA-ID:CEA-2020-0129
XREF CEA-ID:CEA-2019-0700
XREF CEA-ID:CEA-2019-0324
XREF CEA-ID:CEA-2019-0547
XREF CEA-ID:CEA-2019-0326
XREF CISA-KNOWN-EXPLOITED:2022/04/15
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2019/05/14, Modified: 2025/07/19
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4499164
- 4499175

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24441

127846 - KB4512486: Windows 7 and Windows Server 2008 R2 August 2019 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4512486 or cumulative update 4512506. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2019-1162)

- A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.
(CVE-2019-1192)

- An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2019-1148, CVE-2019-1153)

- A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input. (CVE-2019-1187)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.
The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
(CVE-2019-1143, CVE-2019-1154, CVE-2019-1158)

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157)

- Microsoft is aware of the Bluetooth BR/EDR (basic rate/enhanced data rate, known as "Bluetooth Classic") key negotiation vulnerability that exists at the hardware specification level of any BR/EDR Bluetooth device. An attacker could potentially be able to negotiate the offered key length down to 1 byte of entropy, from a maximum of 16 bytes. (CVE-2019-9506)

- An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1168)

- An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2019-1169)

- An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2019-1078)

- An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
(CVE-2019-1178)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152)

- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1159, CVE-2019-1164)

- A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1181, CVE-2019-1182)

- A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0723)

- A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. (CVE-2019-0736)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1133, CVE-2019-1194)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1183)

- An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1177)

- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1193)

- A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-0716)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-1228)

- A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0720)

- A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding. (CVE-2019-1212)

- A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system. (CVE-2019-1057)
Solution
Apply Security Only update KB4512486 or Cumulative Update KB4512506.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.7829
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
Exploitable With
Core Impact (true)
Plugin Information
Published: 2019/08/13, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4512506
- 4512486

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24511

128640 - KB4516033: Windows 7 and Windows Server 2008 R2 September 2019 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4516033 or cumulative update 4516065. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719)

- An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME). This only affects systems that have installed an IME. (CVE-2019-1235)

- An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks. An attacker who successfully exploited this vulnerability could potentially read data outside their expected limits. (CVE-2019-1282)

- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-1274)

- An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. (CVE-2019-1283)

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250)

- An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1267)

- A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2019-1280)

- An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory. (CVE-2019-1293)

- An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2019-1244, CVE-2019-1245)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1256, CVE-2019-1285)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1208, CVE-2019-1236)

- A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1290, CVE-2019-1291)

- A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended. (CVE-2019-1220)

- An elevation of privilege exists when Winlogon does not properly handle file path information. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1268)

- An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1214)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1252, CVE-2019-1286)

- An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory. (CVE-2019-1216)

- An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1271)

- An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1284)

- An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. (CVE-2019-1219)

- An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges. (CVE-2019-1215)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1221)
Solution
Apply Security Only update KB4516033 or Cumulative Update KB4516065.
Risk Factor
High
CVSS v3.0 Base Score
9.1 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.7 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.4485
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
Exploitable With
Core Impact (true)
Plugin Information
Published: 2019/09/10, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4516065
- 4516033

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24520

129718 - KB4520003: Windows 7 and Windows Server 2008 R2 October 2019 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4520003 or cumulative update 4519976. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1358, CVE-2019-1359)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1371)

- A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1333)

- A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. (CVE-2019-1338)

- A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. (CVE-2019-1166)

- An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2019-1319)

- A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non-Extended Master Secret (EMS) sessions. An attacker who successfully exploited this vulnerability may gain access to unauthorized information. (CVE-2019-1318)

- A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1346)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1238)

- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2019-1363)

- A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2019-1326)

- An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1362, CVE-2019-1364)

- An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. (CVE-2019-1342)

- An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems. When this vulnerability is exploited within other versions of Windows it can cause a denial of service, but not an elevation of privilege. (CVE-2019-1325)

- An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-1344)

- An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. (CVE-2019-1315, CVE-2019-1339)

- An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited this vulnerability can allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system, escaping the Sandbox. The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests. (CVE-2019-1365)

- A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies. An attacker who successfully exploited this vulnerability could trick a browser into overwriting a secure cookie with an insecure cookie. The insecure cookie could serve as a pivot to chain an attack with other vulnerabilities in web services. (CVE-2019-1357)

- An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. (CVE-2019-1361)

- A spoofing vulnerability exists when Microsoft Browsers do not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. (CVE-2019-0608)

- An elevation of privilege vulnerability exists when umpo.dll of the Power Service improperly handles a Registry Restore Key function. An attacker who successfully exploited this vulnerability could delete a targeted registry key leading to an elevated status. (CVE-2019-1341)
Solution
Apply Security Only update KB4520003 or Cumulative Update KB4519976.
Risk Factor
High
CVSS v3.0 Base Score
9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.5636
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
Exploitable With
CANVAS (true) Core Impact (true)
Plugin Information
Published: 2019/10/08, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4519976
- 4520003

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24524

130905 - KB4525233: Windows 7 and Windows Server 2008 R2 November 2019 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4525233 or cumulative update 4525235. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719)

- A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1389, CVE-2019-1397)

- A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424)

- An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2019-1411, CVE-2019-1432)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-11135)

- An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382)

- An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1429)

- A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384)

- An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1434)

- An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk. (CVE-2019-1418)

- An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454)

- A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712)

- A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)

- An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415)

- An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390)

- An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2019-1412)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439)

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406)

- An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405)

- A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456)

- A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1441)

- An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-1409)

- An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1422)
Solution
Apply Security Only update KB4525233 or Cumulative Update KB4525235.
Risk Factor
High
CVSS v3.0 Base Score
9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.8229
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
CVE CVE-2018-12207
CVE CVE-2019-0712
CVE CVE-2019-0719
CVE CVE-2019-1382
CVE CVE-2019-1384
CVE CVE-2019-1388
CVE CVE-2019-1389
CVE CVE-2019-1390
CVE CVE-2019-1391
CVE CVE-2019-1393
CVE CVE-2019-1394
CVE CVE-2019-1395
CVE CVE-2019-1396
CVE CVE-2019-1397
CVE CVE-2019-1399
CVE CVE-2019-1405
CVE CVE-2019-1406
CVE CVE-2019-1407
CVE CVE-2019-1408
CVE CVE-2019-1409
CVE CVE-2019-1411
CVE CVE-2019-1412
CVE CVE-2019-1415
CVE CVE-2019-1418
CVE CVE-2019-1419
CVE CVE-2019-1422
CVE CVE-2019-1424
CVE CVE-2019-1429
CVE CVE-2019-1432
CVE CVE-2019-1433
CVE CVE-2019-1434
CVE CVE-2019-1435
CVE CVE-2019-1438
CVE CVE-2019-1439
CVE CVE-2019-1441
CVE CVE-2019-1454
CVE CVE-2019-1456
CVE CVE-2019-11135
MSKB 4525235
MSKB 4525233
XREF MSFT:MS19-4525235
XREF MSFT:MS19-4525233
XREF CISA-KNOWN-EXPLOITED:2022/05/03
XREF CISA-KNOWN-EXPLOITED:2022/04/05
XREF CISA-KNOWN-EXPLOITED:2023/04/28
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2019/11/12, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4525235
- 4525233

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24535

132866 - KB4534314: Windows 7 and Windows Server 2008 R2 January 2020 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4534314 or cumulative update 4534310. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information. An attacker who successfully exploited this vulnerability could obtain legitimate users' credentials. (CVE-2020-0637)

- An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2020-0615, CVE-2020-0639)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0642)

- A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0605, CVE-2020-0606)

- An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. (CVE-2020-0635)

- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0643)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0640)

- An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0608)

- An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation. (CVE-2020-0620)

- An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0634)

- An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632)

- An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. (CVE-2020-0607)

- A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2020-0646)

- A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0611)
Solution
Apply Security Only update KB4534314 or Cumulative Update KB4534310.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.9386
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
References
CVE CVE-2020-0605
CVE CVE-2020-0606
CVE CVE-2020-0607
CVE CVE-2020-0608
CVE CVE-2020-0611
CVE CVE-2020-0615
CVE CVE-2020-0620
CVE CVE-2020-0625
CVE CVE-2020-0626
CVE CVE-2020-0627
CVE CVE-2020-0628
CVE CVE-2020-0629
CVE CVE-2020-0630
CVE CVE-2020-0631
CVE CVE-2020-0632
CVE CVE-2020-0634
CVE CVE-2020-0635
CVE CVE-2020-0637
CVE CVE-2020-0639
CVE CVE-2020-0640
CVE CVE-2020-0642
CVE CVE-2020-0643
CVE CVE-2020-0646
MSKB 4534310
MSKB 4534314
XREF MSFT:MS20-4534310
XREF MSFT:MS20-4534314
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Exploitable With
CANVAS (true) Metasploit (true)
Plugin Information
Published: 2020/01/14, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4534310
- 4534314

- C:\Windows\system32\crypt32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24542
136507 - KB4556843: Windows 7 and Windows Server 2008 R2 May 2020 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4556843 or cumulative update 4556836. It is, therefore, affected by multiple vulnerabilities :

- A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core or .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core or .NET Framework application. The update addresses the vulnerability by correcting how the .NET Core or .NET Framework web application handles web requests. (CVE-2020-1108)

- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-1141)

- A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets. (CVE-2020-0909)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1072)

- An information disclosure vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-1116)

- An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1048, CVE-2020-1070)

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1051, CVE-2020-1174, CVE-2020-1175, CVE-2020-1176)

- An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service (wbengine) that allows file deletion in arbitrary locations. (CVE-2020-1010)

- An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. (CVE-2020-1066)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0963, CVE-2020-1179)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1062, CVE-2020-1092)

- An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2020-1078)

- A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1064)

- A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1153)

- An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1054, CVE-2020-1143)

- A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1150)

- A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. (CVE-2020-1067)

- A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1113)

- An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content. An attacker who successfully exploited this vulnerability could upload restricted file types to an IIS-hosted folder. (CVE-2020-1112)

- An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. (CVE-2020-1081)

- A remote code execution vulnerability exists in the way that the Microsoft Script Runtime handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1061)

- An elevation of privilege vulnerability exists when Windows improperly handles errors tied to Remote Access Common Dialog. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2020-1071)

- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1114)

- An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1154)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1035, CVE-2020-1058, CVE-2020-1060, CVE-2020-1093)
Solution
Apply Security Only update KB4556843 or Cumulative Update KB4556836.

Please Note: These updates are only available through Microsoft's Extended Support Updates program. This operating system is otherwise unsupported.
Risk Factor
High
CVSS v3.0 Base Score
9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.8234
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2020/05/12, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4556836
- 4556843

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24553
142683 - KB4586805: Windows 7 and Windows Server 2008 R2 November 2020 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.
Solution
Apply Security Only update KB4586805 or Cumulative Update KB4586827.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.2041
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-1599
CVE CVE-2020-16997
CVE CVE-2020-17000
CVE CVE-2020-17001
CVE CVE-2020-17004
CVE CVE-2020-17011
CVE CVE-2020-17014
CVE CVE-2020-17029
CVE CVE-2020-17036
CVE CVE-2020-17038
CVE CVE-2020-17042
CVE CVE-2020-17043
CVE CVE-2020-17044
CVE CVE-2020-17045
CVE CVE-2020-17047
CVE CVE-2020-17051
CVE CVE-2020-17052
CVE CVE-2020-17068
CVE CVE-2020-17069
CVE CVE-2020-17087
CVE CVE-2020-17088
MSKB 4586827
MSKB 4586805
XREF MSFT:MS20-4586827
XREF MSFT:MS20-4586805
XREF IAVA:2020-A-0513-S
XREF IAVA:2020-A-0518-S
XREF IAVA:2020-A-0521-S
XREF CISA-KNOWN-EXPLOITED:2022/05/03
XREF CEA-ID:CEA-2020-0135
XREF CEA-ID:CEA-2020-0124
Plugin Information
Published: 2020/11/10, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4586827
- 4586805

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24562
144877 - KB4598289: Windows 7 and Windows Server 2008 R2 January 2021 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4598289 or cumulative update 4598279. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-1657, CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1665, CVE-2021-1666, CVE-2021-1667, CVE-2021-1668, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-1649, CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1661, CVE-2021-1688, CVE-2021-1693, CVE-2021-1694, CVE-2021-1695, CVE-2021-1702, CVE-2021-1704, CVE-2021-1706, CVE-2021-1709)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application. (CVE-2021-1674, CVE-2021-1678)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-1656, CVE-2021-1676, CVE-2021-1696, CVE-2021-1699, CVE-2021-1708)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-1679)
Solution
Apply Security Only update KB4598289 or Cumulative Update KB4598279.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.6343
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2021/01/12, Modified: 2024/11/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4598279
- 4598289

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24564
146342 - KB4601363: Windows 7 and Windows Server 2008 R2 February 2021 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4601363 or cumulative update 4601347. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (Enforcement mode) (CVE-2020-1472)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-24080, CVE-2021-24086)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-1727, CVE-2021-24102, CVE-2021-24103, CVE-2021-25195)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-1722, CVE-2021-24074, CVE-2021-24077, CVE-2021-24078, CVE-2021-24083, CVE-2021-24088, CVE-2021-24094)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-1734)
Solution
Apply Security Only update KB4601363 or Cumulative Update KB4601347.
Risk Factor
High
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
10.0
EPSS Score
0.9438
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-1472
CVE CVE-2021-1722
CVE CVE-2021-1727
CVE CVE-2021-1734
CVE CVE-2021-24074
CVE CVE-2021-24077
CVE CVE-2021-24078
CVE CVE-2021-24080
CVE CVE-2021-24083
CVE CVE-2021-24086
CVE CVE-2021-24088
CVE CVE-2021-24094
CVE CVE-2021-24102
CVE CVE-2021-24103
CVE CVE-2021-25195
MSKB 4601363
MSKB 4601347
XREF MSFT:MS21-4601363
XREF MSFT:MS21-4601347
XREF CISA-NCAS:AA22-011A
XREF CEA-ID:CEA-2020-0129
XREF CEA-ID:CEA-2020-0101
XREF CEA-ID:CEA-2021-0025
XREF CEA-ID:CEA-2021-0008
XREF CEA-ID:CEA-2020-0121
XREF CEA-ID:CEA-2023-0016
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Exploitable With
Core Impact (true)
Plugin Information
Published: 2021/02/09, Modified: 2026/01/12
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4601363
- 4601347

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24565
152436 - KB5005089: Windows 7 and Windows Server 2008 R2 Security Update (August 2021)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5005089 or cumulative update 5005088. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-26425, CVE-2021-34483, CVE-2021-34484, CVE-2021-34537, CVE-2021-36927)

- A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-34533, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)

- A memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application. (CVE-2021-34480)
Solution
Apply Security Only update KB5005089 or Cumulative Update KB5005088.
Risk Factor
High
CVSS v3.0 Base Score
9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.9355
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.5 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-26424
CVE CVE-2021-26425
CVE CVE-2021-34480
CVE CVE-2021-34481
CVE CVE-2021-34483
CVE CVE-2021-34484
CVE CVE-2021-34533
CVE CVE-2021-34535
CVE CVE-2021-34537
CVE CVE-2021-36927
CVE CVE-2021-36936
CVE CVE-2021-36937
CVE CVE-2021-36942
CVE CVE-2021-36947
MSKB 5005036
MSKB 5005088
MSKB 5005089
XREF IAVA:2021-A-0373-S
XREF IAVA:2021-A-0374-S
XREF CISA-KNOWN-EXPLOITED:2021/11/17
XREF CISA-KNOWN-EXPLOITED:2022/04/21
XREF MSFT:MS21-5005036
XREF MSFT:MS21-5005088
XREF MSFT:MS21-5005089
Plugin Information
Published: 2021/08/10, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5005089
- 5005088

- C:\Windows\system32\drivers\tcpip.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.25684
156069 - KB5008282: Windows 7 and Windows Server 2008 R2 Security Update (December 2021)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5008282 or cumulative update 5008244. It is, therefore, affected by multiple vulnerabilities:

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-40441, CVE-2021-41333, CVE-2021-43207, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43238, CVE-2021-43245, CVE-2021-43883, CVE-2021-43893)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43215, CVE-2021-43217, CVE-2021-43233, CVE-2021-43234)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43236)
Solution
Apply Security Only update KB5008282 or Cumulative Update KB5008244.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.2366
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.5 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-40441
CVE CVE-2021-41333
CVE CVE-2021-43207
CVE CVE-2021-43215
CVE CVE-2021-43216
CVE CVE-2021-43217
CVE CVE-2021-43222
CVE CVE-2021-43223
CVE CVE-2021-43224
CVE CVE-2021-43226
CVE CVE-2021-43229
CVE CVE-2021-43230
CVE CVE-2021-43233
CVE CVE-2021-43234
CVE CVE-2021-43236
CVE CVE-2021-43238
CVE CVE-2021-43245
CVE CVE-2021-43883
CVE CVE-2021-43893
XREF MSFT:MS21-5008244
XREF MSFT:MS21-5008282
XREF IAVA:2021-A-0586-S
XREF IAVA:2021-A-0582-S
XREF CISA-KNOWN-EXPLOITED:2025/10/27
Plugin Information
Published: 2021/12/14, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5008282
- 5008244

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.25792
159672 - KB5012649: Windows 7 and Windows Server 2008 R2 Security Update (April 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5012639 or cumulative update 5012639. It is, therefore, affected by multiple vulnerabilities:

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2022-24474, CVE-2022-24481, CVE-2022-24494, CVE-2022-24499, CVE-2022-24521, CVE-2022-24527, CVE-2022-24530, CVE-2022-24540, CVE-2022-24542, CVE-2022-24544, CVE-2022-24547, CVE-2022-24550, CVE-2022-26786, CVE-2022-26787, CVE-2022-26788, CVE-2022-26790, CVE-2022-26792, CVE-2022-26794, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803, CVE-2022-26807, CVE-2022-26808, CVE-2022-26810, CVE-2022-26827, CVE-2022-26904)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21983, CVE-2022-22008, CVE-2022-24485, CVE-2022-24491, CVE-2022-24492, CVE-2022-24500, CVE-2022-24528, CVE-2022-24533, CVE-2022-24534, CVE-2022-24536, CVE-2022-24541, CVE-2022-26809, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26829, CVE-2022-26903, CVE-2022-26916, CVE-2022-26917, CVE-2022-26918, CVE-2022-26919)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-24493, CVE-2022-24498)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-26915, CVE-2022-26831)
Solution
Apply Security Only update KB5012649 or Cumulative Update KB5012626.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.9256
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2022/04/12, Modified: 2024/11/28
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5012649
- 5012626

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.25920
163952 - KB5016679: Windows 7 and Windows Server 2008 R2 Security Update (August 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5016679. It is, therefore, affected by multiple vulnerabilities:

- Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability (CVE-2022-35747, CVE-2022-35769)

- Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (CVE-2022-30133, CVE-2022-35744)

- Windows WebBrowser Control Remote Code Execution Vulnerability (CVE-2022-30194)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5016679 or Cumulative Update 5016676.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.214
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-30133
CVE CVE-2022-30194
CVE CVE-2022-34689
CVE CVE-2022-34690
CVE CVE-2022-34691
CVE CVE-2022-34701
CVE CVE-2022-34702
CVE CVE-2022-34706
CVE CVE-2022-34707
CVE CVE-2022-34708
CVE CVE-2022-34713
CVE CVE-2022-34714
CVE CVE-2022-35743
CVE CVE-2022-35744
CVE CVE-2022-35745
CVE CVE-2022-35747
CVE CVE-2022-35750
CVE CVE-2022-35751
CVE CVE-2022-35752
CVE CVE-2022-35753
CVE CVE-2022-35756
CVE CVE-2022-35758
CVE CVE-2022-35759
CVE CVE-2022-35760
CVE CVE-2022-35767
CVE CVE-2022-35768
CVE CVE-2022-35769
CVE CVE-2022-35793
CVE CVE-2022-35795
CVE CVE-2022-35820
MSKB 5016676
MSKB 5016679
XREF MSFT:MS22-5016676
XREF MSFT:MS22-5016679
XREF CISA-KNOWN-EXPLOITED:2022/08/30
XREF IAVA:2022-A-0320-S
XREF IAVA:2022-A-0319-S
Plugin Information
Published: 2022/08/09, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5016679
- 5016676

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26063
165002 - KB5017373: Windows Server 2008 R2 Security Update (September 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5017373. It is, therefore, affected by multiple vulnerabilities:

- Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)

- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30200)

- Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-33647, CVE-2022-33679)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5017373 or Cumulative Update 5017361
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.8578
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-26929
CVE CVE-2022-30170
CVE CVE-2022-30200
CVE CVE-2022-33647
CVE CVE-2022-33679
CVE CVE-2022-34718
CVE CVE-2022-34719
CVE CVE-2022-34720
CVE CVE-2022-34721
CVE CVE-2022-34722
CVE CVE-2022-34724
CVE CVE-2022-34726
CVE CVE-2022-34727
CVE CVE-2022-34728
CVE CVE-2022-34729
CVE CVE-2022-34730
CVE CVE-2022-34731
CVE CVE-2022-34732
CVE CVE-2022-34733
CVE CVE-2022-34734
CVE CVE-2022-35803
CVE CVE-2022-35830
CVE CVE-2022-35832
CVE CVE-2022-35833
CVE CVE-2022-35834
CVE CVE-2022-35835
CVE CVE-2022-35836
CVE CVE-2022-35837
CVE CVE-2022-35840
CVE CVE-2022-37955
CVE CVE-2022-37956
CVE CVE-2022-37958
CVE CVE-2022-37964
CVE CVE-2022-37969
CVE CVE-2022-38004
CVE CVE-2022-38005
CVE CVE-2022-38006
MSKB 5017361
MSKB 5017373
XREF MSFT:MS22-5017361
XREF MSFT:MS22-5017373
XREF CISA-KNOWN-EXPLOITED:2022/10/05
XREF IAVA:2022-A-0376-S
XREF IAVA:2022-A-0369-S
XREF IAVA:2022-A-0368-S
XREF CEA-ID:CEA-2022-0042
Exploitable With
Core Impact (true)
Plugin Information
Published: 2022/09/13, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5017373
- 5017361

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26111
171440 - KB5022874: Windows Server 2008 R2 Security Update (February 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5022874. It is, therefore, affected by multiple vulnerabilities

- Microsoft PostScript Printer Driver Remote Code Execution Vulnerability (CVE-2023-21684, CVE-2023-21801)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-21685, CVE-2023-21686, CVE-2023-21799)

- Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability (CVE-2023-21689)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5022874 or Cumulative Update 5022872
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.3048
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2023/02/14, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5022874
- 5022872

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26362
172517 - KB5023759: Windows Server 2008 R2 Security Update (March 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5023759. It is, therefore, affected by multiple vulnerabilities

- Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability (CVE-2023-23415)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2023-21708, CVE-2023-23405, CVE-2023-24869, CVE-2023-24908)

- Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability (CVE-2023-23385)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5023759 or Cumulative Update 5023769
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.256
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-21708
CVE CVE-2023-23385
CVE CVE-2023-23394
CVE CVE-2023-23401
CVE CVE-2023-23402
CVE CVE-2023-23405
CVE CVE-2023-23407
CVE CVE-2023-23409
CVE CVE-2023-23410
CVE CVE-2023-23414
CVE CVE-2023-23415
CVE CVE-2023-23420
CVE CVE-2023-23421
CVE CVE-2023-23422
CVE CVE-2023-23423
CVE CVE-2023-24861
CVE CVE-2023-24862
CVE CVE-2023-24869
CVE CVE-2023-24908
CVE CVE-2023-24910
MSKB 5023759
MSKB 5023769
XREF MSFT:MS23-5023759
XREF MSFT:MS23-5023769
XREF IAVA:2023-A-0135-S
XREF IAVA:2023-A-0139-S
Plugin Information
Published: 2023/03/14, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5023769
- 5023759

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26413
174103 - KB5025277: Windows Server 2008 R2 Security Update (April 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5025277. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-28275)

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-28250)

- Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-21554)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5025277 or Cumulative Update 5025279
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.9216
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2023/04/11, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5025279
- 5025277

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26465
175344 - KB5026426: Windows Server 2008 R2 Security Update (May 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5026426. It is, therefore, affected by multiple vulnerabilities

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-24943)

- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2023-28283)

- Windows NTLM Security Support Provider Information Disclosure Vulnerability (CVE-2023-24900)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5026426 or Cumulative Update 5026413
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.7946
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-24900
CVE CVE-2023-24903
CVE CVE-2023-24904
CVE CVE-2023-24932
CVE CVE-2023-24940
CVE CVE-2023-24942
CVE CVE-2023-24943
CVE CVE-2023-24945
CVE CVE-2023-24946
CVE CVE-2023-28251
CVE CVE-2023-28283
CVE CVE-2023-29324
CVE CVE-2023-29325
CVE CVE-2023-29336
MSKB 5026413
MSKB 5026426
XREF MSFT:MS23-5026413
XREF MSFT:MS23-5026426
XREF IAVA:2023-A-0248-S
XREF IAVA:2023-A-0249-S
XREF CISA-KNOWN-EXPLOITED:2023/05/30
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/05/09, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5026426
- 5026413

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26517
177241 - KB5027256: Windows Server 2008 R2 Security Update (June 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5027256. It is, therefore, affected by multiple vulnerabilities

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-29363, CVE-2023-32014, CVE-2023-32015)

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2023-29373)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-29372)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5027256 or Cumulative Update 5027275
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.1431
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-29346
CVE CVE-2023-29351
CVE CVE-2023-29358
CVE CVE-2023-29359
CVE CVE-2023-29362
CVE CVE-2023-29363
CVE CVE-2023-29364
CVE CVE-2023-29365
CVE CVE-2023-29368
CVE CVE-2023-29371
CVE CVE-2023-29372
CVE CVE-2023-29373
CVE CVE-2023-32011
CVE CVE-2023-32014
CVE CVE-2023-32015
CVE CVE-2023-32016
CVE CVE-2023-32017
CVE CVE-2023-32020
MSKB 5027256
MSKB 5027275
XREF MSFT:MS23-5027256
XREF MSFT:MS23-5027275
XREF IAVA:2023-A-0305-S
XREF IAVA:2023-A-0306-S
Plugin Information
Published: 2023/06/13, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5027275
- 5027256

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26561
178168 - KB5028224: Windows Server 2008 R2 Security Update (July 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5028224. It is, therefore, affected by multiple vulnerabilities

- Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2023-35365, CVE-2023-35366, CVE-2023-35367)

- Windows Netlogon Information Disclosure Vulnerability (CVE-2023-21526)

- Microsoft Failover Cluster Remote Code Execution Vulnerability (CVE-2023-32033)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5028224 or Cumulative Update 5028240
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.7121
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2023/07/11, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5028240
- 5028224

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26623
179489 - KB5029307: Windows Server 2008 R2 Security Update (August 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5029307. It is, therefore, affected by multiple vulnerabilities

- Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-35385, CVE-2023-36910, CVE-2023-36911)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36882)

- Windows Fax Service Remote Code Execution Vulnerability (CVE-2023-35381)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5029307 or Cumulative Update 5029296
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.9322
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-20569
CVE CVE-2023-35359
CVE CVE-2023-35376
CVE CVE-2023-35377
CVE CVE-2023-35379
CVE CVE-2023-35380
CVE CVE-2023-35381
CVE CVE-2023-35383
CVE CVE-2023-35385
CVE CVE-2023-36876
CVE CVE-2023-36882
CVE CVE-2023-36884
CVE CVE-2023-36889
CVE CVE-2023-36900
CVE CVE-2023-36903
CVE CVE-2023-36906
CVE CVE-2023-36907
CVE CVE-2023-36908
CVE CVE-2023-36909
CVE CVE-2023-36910
CVE CVE-2023-36911
CVE CVE-2023-36912
CVE CVE-2023-36913
CVE CVE-2023-38172
CVE CVE-2023-38184
CVE CVE-2023-38254
MSKB 5029296
MSKB 5029307
XREF MSFT:MS23-5029296
XREF MSFT:MS23-5029307
XREF IAVA:2023-A-0418-S
XREF IAVA:2023-A-0409-S
XREF IAVA:2023-A-0402-S
XREF IAVA:2023-A-0412-S
XREF IAVA:2023-A-0416-S
XREF CISA-KNOWN-EXPLOITED:2023/08/29
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/08/08, Modified: 2024/11/13
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5029307
- 5029296

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26662
182857 - KB5031441: Windows Server 2008 R2 Security Update (October 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5031441. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36577)

- Windows IIS Server Elevation of Privilege Vulnerability (CVE-2023-36434)

- Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-35349, CVE-2023-36570, CVE-2023-36571, CVE-2023-36572, CVE-2023-36573, CVE-2023-36574, CVE-2023-36575, CVE-2023-36578, CVE-2023-36582, CVE-2023-36583, CVE-2023-36589, CVE-2023-36590, CVE-2023-36591, CVE-2023-36592, CVE-2023-36593, CVE-2023-36697)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5031441 or Cumulative Update 5031408
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.4976
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/10/10, Modified: 2024/09/24
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5031441
- 5031408

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26769
185587 - KB5032250: Windows Server 2008 R2 Security Update (November 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5032250. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36402)

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-36397)

- Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2023-36025)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5032250 or Cumulative Update 5032252
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.9021
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36017
CVE CVE-2023-36025
CVE CVE-2023-36036
CVE CVE-2023-36393
CVE CVE-2023-36395
CVE CVE-2023-36397
CVE CVE-2023-36401
CVE CVE-2023-36402
CVE CVE-2023-36403
CVE CVE-2023-36423
CVE CVE-2023-36424
CVE CVE-2023-36425
CVE CVE-2023-36428
CVE CVE-2023-36705
CVE CVE-2023-36719
MSKB 5032250
MSKB 5032252
XREF MSFT:MS23-5032250
XREF MSFT:MS23-5032252
XREF CISA-KNOWN-EXPLOITED:2023/12/05
XREF IAVA:2023-A-0638-S
XREF IAVA:2023-A-0636-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/11/14, Modified: 2024/09/24
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5032252
- 5032250

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26812
202030 - KB5040498: Windows Server 2008 R2 Security Update (July 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5040498. It is, therefore, affected by multiple vulnerabilities

- RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. (CVE-2024-3596)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5040498 or Cumulative Update 5040497
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.8707
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/07/09, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5040498
- 5040497

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27216
205455 - KB5041823: Windows Server 2008 R2 Security Update (August 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5041823. It is, therefore, affected by multiple vulnerabilities

- Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability (CVE-2024-38199)

- Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability (CVE-2024-38140)

- Windows TCP/IP Remote Code Execution Vulnerability (CVE-2024-38063)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5041823 or Cumulative Update 5041838
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.8988
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-29995
CVE CVE-2024-37968
CVE CVE-2024-38063
CVE CVE-2024-38114
CVE CVE-2024-38115
CVE CVE-2024-38116
CVE CVE-2024-38117
CVE CVE-2024-38118
CVE CVE-2024-38120
CVE CVE-2024-38121
CVE CVE-2024-38122
CVE CVE-2024-38125
CVE CVE-2024-38127
CVE CVE-2024-38128
CVE CVE-2024-38130
CVE CVE-2024-38131
CVE CVE-2024-38134
CVE CVE-2024-38140
CVE CVE-2024-38144
CVE CVE-2024-38151
CVE CVE-2024-38152
CVE CVE-2024-38153
CVE CVE-2024-38154
CVE CVE-2024-38180
CVE CVE-2024-38193
CVE CVE-2024-38196
CVE CVE-2024-38198
CVE CVE-2024-38199
CVE CVE-2024-38214
MSKB 5041823
MSKB 5041838
XREF MSFT:MS24-5041823
XREF MSFT:MS24-5041838
XREF CISA-KNOWN-EXPLOITED:2024/09/03
XREF IAVA:2024-A-0500-S
XREF IAVA:2024-A-0499-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/08/13, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5041838
- 5041823

- C:\Windows\system32\shell32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27277
206904 - KB5043092: Windows Server 2008 R2 Security Update (September 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5043092. It is, therefore, affected by multiple vulnerabilities

- Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461)

- Windows Remote Desktop Licensing Service Spoofing Vulnerability (CVE-2024-43455)

- Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability (CVE-2024-38260, CVE-2024-38263, CVE-2024-43454, CVE-2024-43467)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5043092 or Cumulative Update 5043129
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.2639
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-30073
CVE CVE-2024-38014
CVE CVE-2024-38217
CVE CVE-2024-38231
CVE CVE-2024-38234
CVE CVE-2024-38236
CVE CVE-2024-38239
CVE CVE-2024-38245
CVE CVE-2024-38247
CVE CVE-2024-38249
CVE CVE-2024-38250
CVE CVE-2024-38256
CVE CVE-2024-38258
CVE CVE-2024-38260
CVE CVE-2024-38263
CVE CVE-2024-43454
CVE CVE-2024-43455
CVE CVE-2024-43461
CVE CVE-2024-43467
MSKB 5043092
MSKB 5043129
XREF MSFT:MS24-5043092
XREF MSFT:MS24-5043129
XREF CISA-KNOWN-EXPLOITED:2024/10/07
XREF CISA-KNOWN-EXPLOITED:2024/10/01
XREF IAVA:2024-A-0575-S
XREF IAVA:2024-A-0576-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/09/10, Modified: 2025/10/22
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5043129
- 5043092

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27317
208287 - KB5044321: Windows Server 2008 R2 Security Update (October 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5044321. It is, therefore, affected by multiple vulnerabilities

- Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2024-38212, CVE-2024-38261, CVE-2024-38265, CVE-2024-43453, CVE-2024-43549, CVE-2024-43564, CVE-2024-43589, CVE-2024-43592, CVE-2024-43593, CVE-2024-43607, CVE-2024-43608, CVE-2024-43611)

- Windows Netlogon Elevation of Privilege Vulnerability (CVE-2024-38124)

- Remote Desktop Client Remote Code Execution Vulnerability (CVE-2024-43599)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5044321 or Cumulative Update 5044356
Risk Factor
Critical
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.605
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/10/08, Modified: 2024/11/15
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5044356
- 5044321

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27366
249133 - KB5063927: Windows Server 2008 R2 Security Update (August 2025)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5063927. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. (CVE-2025-53766)

- Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. (CVE-2025-49743)

- Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. (CVE-2025-49761)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5063927 or Cumulative Update 5063947
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.0127
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/08/12, Modified: 2025/10/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5063947
- 5063927

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27869
270385 - KB5066876: Windows Server 2008 R2 Security Update (October 2025)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5066876. It is, therefore, affected by multiple vulnerabilities

- tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka Predictor heap-buffer-overflow. (CVE-2016-9535)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5066876 or Cumulative Update 5066872
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.0824
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.2 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/10/14, Modified: 2025/11/18
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5066876
- 5066872

- C:\Windows\system32\iprtrmgr.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27970
274790 - KB5068908: Windows Server 2008 R2 Security Update (November 2025)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5068908. It is, therefore, affected by multiple vulnerabilities

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-60724, CVE-2025-60714, CVE-2025-60715, CVE-2025-62452)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2025-59505, CVE-2025-59511, CVE-2025-59512, CVE-2025-59514, CVE-2025-60703, CVE-2025-60705, CVE-2025-60707, CVE-2025-60709, CVE-2025-60713, CVE-2025-60720, CVE-2025-60704, CVE-2025-59506, CVE-2025-59507, CVE-2025-59508, CVE-2025-59515, CVE-2025-60716, CVE-2025-60717, CVE-2025-60719, CVE-2025-62213, CVE-2025-62215, CVE-2025-62217, CVE-2025-62218, CVE-2025-62219)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5068908 or Cumulative Update 5068904
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0007
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-59513
CVE CVE-2025-59514
CVE CVE-2025-60703
CVE CVE-2025-60704
CVE CVE-2025-60705
CVE CVE-2025-60709
CVE CVE-2025-60714
CVE CVE-2025-60715
CVE CVE-2025-60719
CVE CVE-2025-60720
CVE CVE-2025-60724
CVE CVE-2025-62213
CVE CVE-2025-62217
CVE CVE-2025-62452
MSKB 5068904
MSKB 5068908
XREF MSFT:MS25-5068904
XREF MSFT:MS25-5068908
XREF IAVA:2025-A-0850-S
XREF IAVA:2025-A-0851-S
Plugin Information
Published: 2025/11/11, Modified: 2026/01/21
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5068908
- 5068904

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.28017
87893 - MS KB3118753: Update for ActiveX Kill Bits
Synopsis
The remote Windows host is missing an update that disables selected ActiveX controls.
Description
The remote Windows host is missing one or more kill bits for ActiveX controls that are known to contain vulnerabilities.

If any of these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose the host to various security issues.

Note that the affected controls are from third-party vendors that have asked Microsoft to prevent their controls from being run in Internet Explorer.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
References
MSKB 3118753
Plugin Information
Published: 2016/01/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



The kill bit has not been set for the following control :

{D4C0DB38-B682-42A8-AF62-DB9247543354}
53377 - MS11-020: Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)
Synopsis
It is possible to execute arbitrary code on the remote Windows host due to flaws in its SMB implementation.
Description
The remote host is affected by a vulnerability in the SMB server that may allow an attacker to execute arbitrary code or perform a denial of service against the remote host.
See Also
Solution
Microsoft has released a set of patches for Windows XP, Vista, 2008, 7, and 2008 R2.
Risk Factor
Critical
VPR Score
6.7
EPSS Score
0.6517
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 47198
CVE CVE-2011-0661
MSKB 2508429
XREF IAVA:2011-A-0050-S
XREF MSFT:MS11-020
Plugin Information
Published: 2011/04/13, Modified: 2020/08/05
Plugin Output

tcp/445/cifs



KB : 2508429
- C:\Windows\system32\drivers\Srv.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17565
56736 - MS11-083: Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
Synopsis
The remote Windows host has a code execution vulnerability.
Description
The TCP/IP stack in use on the remote Windows host is affected by an integer overflow vulnerability. Sending a continuous flow of specially crafted UDP packets to a closed port can result in arbitrary code execution in kernel mode.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, and 2008 R2.
Risk Factor
Critical
VPR Score
6.7
EPSS Score
0.4971
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 50517
CVE CVE-2011-2013
MSKB 2588516
XREF CERT:951982
XREF MSFT:MS11-083
Plugin Information
Published: 2011/11/08, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2588516
- C:\Windows\system32\drivers\tcpip.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17697
61529 - MS12-054: Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (2733594)
Synopsis
The remote Windows host is potentially affected by multiple code execution vulnerabilities.
Description
The remote Windows host is potentially affected by the following vulnerabilities :

- A denial of service vulnerability exists in Windows networking components. The vulnerability is due to the service not properly handling specially crafted RAP requests. (CVE-2012-1850)

- A remote code execution vulnerability exists in the Windows Print Spooler service that can allow a remote, unauthenticated attacker to execute arbitrary code on an affected system. (CVE-2012-1851)

- A remote code execution vulnerability exists in the way that Windows networking components handle specially crafted RAP responses.
(CVE-2012-1852, CVE-2012-1853)
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
Critical
VPR Score
7.4
EPSS Score
0.7245
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
BID 54921
BID 54928
BID 54931
BID 54940
CVE CVE-2012-1850
CVE CVE-2012-1851
CVE CVE-2012-1852
CVE CVE-2012-1853
MSKB 2705219
MSKB 2712808
XREF MSFT:MS12-054
XREF IAVA:2012-A-0137
Exploitable With
Core Impact (true)
Plugin Information
Published: 2012/08/15, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2705219
- C:\Windows\System32\netapi32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17887
62907 - MS12-075: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226)
Synopsis
The remote Windows host is affected by remote code execution vulnerabilities.
Description
The remote Windows host is affected by the following remote code execution vulnerabilities:

- Two use-after-free vulnerabilities exist within Windows kernel-mode drivers. (CVE-2012-2530, CVE-2012-2553)

- A TrueType Font Parsing vulnerability exists due to the way TrueType font files are handled. (CVE-2012-2897)
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
Critical
VPR Score
8.9
EPSS Score
0.362
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID 56447
BID 56448
BID 56457
CVE CVE-2012-2530
CVE CVE-2012-2553
CVE CVE-2012-2897
MSKB 2761226
XREF MSFT:MS12-075
Exploitable With
Core Impact (true)
Plugin Information
Published: 2012/11/14, Modified: 2019/12/04
Plugin Output

tcp/445/cifs



KB : 2761226
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17977
63225 - MS12-078: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
Synopsis
The remote Windows host is affected by remote code execution vulnerabilities.
Description
The remote Windows host is affected by the following remote code execution vulnerabilities :

- An OpenType Font parsing vulnerability exists due to the way OpenType font files are handled. (CVE-2012-2556)

- A TrueType Font parsing vulnerability exists due to the way TrueType font files are handled. (CVE-2012-4786)
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
Critical
VPR Score
8.9
EPSS Score
0.5863
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID 56841
BID 56842
CVE CVE-2012-2556
CVE CVE-2012-4786
MSKB 2753842
MSKB 2779030
XREF MSFT:MS12-078
Exploitable With
Core Impact (true)
Plugin Information
Published: 2012/12/11, Modified: 2019/12/04
Plugin Output

tcp/445/cifs



KB : 2779030
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18009

KB : 2753842
- C:\Windows\system32\Atmfd.dll has not been patched.
Remote version : 5.1.2.230
Should be : 5.1.2.237
63419 - MS13-001: Vulnerabilities in Windows Print Spooler Components Could Allow Remote Code Execution (2769369)
Synopsis
The remote Windows host is potentially affected by a code execution vulnerability.
Description
The remote Windows host is potentially affected by a vulnerability that could allow remote code execution if a print server received a specially crafted print job. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems connected directly to the Internet have a minimal number of ports exposed.
Solution
Microsoft has released a set of patches for Windows 7 and 2008 R2.
Risk Factor
Critical
VPR Score
5.9
EPSS Score
0.3631
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
BID 57142
CVE CVE-2013-0011
MSKB 2769369
XREF MSFT:MS13-001
Plugin Information
Published: 2013/01/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2769369
- C:\Windows\system32\win32spl.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17994
64576 - MS13-015: Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277)
Synopsis
The version of the .NET Framework installed on the remote host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is running a version of the Microsoft .NET Framework that is affected by a privilege escalation vulnerability due to a flaw in the way .NET elevates the permissions of a callback function when a particular Windows Forms object is created.
Solution
Microsoft has released a set of patches for the .NET Framework on Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
Critical
VPR Score
5.9
EPSS Score
0.5917
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 57847
CVE CVE-2013-0073
MSKB 2789642
MSKB 2789643
MSKB 2789644
MSKB 2789645
MSKB 2789646
MSKB 2789648
MSKB 2789649
MSKB 2789650
XREF MSFT:MS13-015
XREF IAVA:2013-A-0040-S
Plugin Information
Published: 2013/02/12, Modified: 2020/05/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5468
69327 - MS13-062: Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege (2849470)
Synopsis
The Windows install on the remote host is affected by a privilege escalation vulnerability.
Description
The remote host contains a flaw in the way that Windows handles asynchronous RPC requests, which can lead to elevation of privileges.
An attacker could exploit this issue to run arbitrary code and take complete control of an affected system.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
Critical
VPR Score
5.9
EPSS Score
0.6622
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 61673
CVE CVE-2013-3175
MSKB 2849470
XREF MSFT:MS13-062
XREF IAVA:2013-A-0163
Plugin Information
Published: 2013/08/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2849470
- C:\Windows\system32\Rpcrt4.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18205
70335 - MS13-083: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058)
Synopsis
A library on the remote Windows host has an integer overflow vulnerability.
Description
The remote host has an integer overflow vulnerability in the Windows Common Control Library. The vulnerability could allow remote code execution if an attacker sends a specially crafted web request to an ASP.NET web application running on an affected system. An attacker could exploit this vulnerability without authentication to run arbitrary code.
Solution
Microsoft has released a set of patches for Windows 2003, XP, Vista, 2008, 7, 2008 R2, 8, 2012, and Server Core installation option.
Risk Factor
Critical
VPR Score
5.9
EPSS Score
0.6298
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 62801
CVE CVE-2013-3195
MSKB 2864058
XREF MSFT:MS13-083
XREF IAVA:2013-A-0189
Plugin Information
Published: 2013/10/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2864058
- C:\Windows\system32\Comctl32.dll has not been patched.
Remote version : 5.82.7601.17514
Should be : 5.82.7601.18201
73805 - MS14-021: Security Update for Internet Explorer (2965111)
Synopsis
The remote host has a web browser that is affected by a memory corruption vulnerability.
Description
The remote host is missing Internet Explorer (IE) Security Update 2965111.

The installed version of IE is affected by a memory corruption vulnerability that could allow an attacker to execute arbitrary code on the remote host.
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.7849
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID 67075
CVE CVE-2014-1776
MSKB 2964358
MSKB 2964444
XREF CERT:222929
XREF MSFT:MS14-021
XREF CISA-KNOWN-EXPLOITED:2022/07/28
Exploitable With
Core Impact (true)
Plugin Information
Published: 2014/05/01, Modified: 2024/11/13
Plugin Output

tcp/445/cifs



KB : 2964358
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18446
73985 - MS14-026: Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)
Synopsis
The version of the .NET Framework installed on the remote host is affected by a privilege escalation vulnerability.
Description
The remote Windows host has a version of the Microsoft .NET Framework that is affected by a privilege escalation vulnerability due to the way that .NET Framework handles TypeFilterLevel checks for some malformed objects.

Note that this vulnerability only affects applications that use .NET Remoting.
Solution
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, and 4.5.1.
Risk Factor
Critical
VPR Score
6.7
EPSS Score
0.2675
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 67286
CVE CVE-2014-1806
MSKB 2931352
MSKB 2931354
MSKB 2931356
MSKB 2931357
MSKB 2931358
MSKB 2931365
MSKB 2931366
MSKB 2931367
MSKB 2931368
MSKB 2932079
XREF EDB-ID:35280
XREF MSFT:MS14-026
Plugin Information
Published: 2014/05/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5483

- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll has not been patched.
Remote version : 4.0.30319.18408
Should be : 4.0.30319.34108
74427 - MS14-035: Cumulative Security Update for Internet Explorer (2969262)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2969262.

The version of Internet Explorer installed on the remote host is affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to visit a specially crafted web page.
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
Critical
VPR Score
8.9
EPSS Score
0.7156
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID 67295
BID 67511
BID 67518
BID 67544
BID 67827
BID 67831
BID 67833
BID 67834
BID 67835
BID 67836
BID 67838
BID 67839
BID 67840
BID 67841
BID 67842
BID 67843
BID 67845
BID 67846
BID 67847
BID 67848
BID 67849
BID 67850
BID 67851
BID 67852
BID 67854
BID 67855
BID 67856
BID 67857
BID 67858
BID 67859
BID 67860
BID 67861
BID 67862
BID 67864
BID 67866
BID 67867
BID 67869
BID 67871
BID 67873
BID 67874
BID 67875
BID 67876
BID 67877
BID 67878
BID 67879
BID 67880
BID 67881
BID 67882
BID 67883
BID 67884
BID 67885
BID 67886
BID 67887
BID 67889
BID 67890
BID 67891
BID 67892
BID 67915
BID 68101
CVE CVE-2014-0282
CVE CVE-2014-1762
CVE CVE-2014-1764
CVE CVE-2014-1766
CVE CVE-2014-1769
CVE CVE-2014-1770
CVE CVE-2014-1771
CVE CVE-2014-1772
CVE CVE-2014-1773
CVE CVE-2014-1774
CVE CVE-2014-1775
CVE CVE-2014-1777
CVE CVE-2014-1778
CVE CVE-2014-1779
CVE CVE-2014-1780
CVE CVE-2014-1781
CVE CVE-2014-1782
CVE CVE-2014-1783
CVE CVE-2014-1784
CVE CVE-2014-1785
CVE CVE-2014-1786
CVE CVE-2014-1788
CVE CVE-2014-1789
CVE CVE-2014-1790
CVE CVE-2014-1791
CVE CVE-2014-1792
CVE CVE-2014-1794
CVE CVE-2014-1795
CVE CVE-2014-1796
CVE CVE-2014-1797
CVE CVE-2014-1799
CVE CVE-2014-1800
CVE CVE-2014-1802
CVE CVE-2014-1803
CVE CVE-2014-1804
CVE CVE-2014-1805
CVE CVE-2014-2753
CVE CVE-2014-2754
CVE CVE-2014-2755
CVE CVE-2014-2756
CVE CVE-2014-2757
CVE CVE-2014-2758
CVE CVE-2014-2759
CVE CVE-2014-2760
CVE CVE-2014-2761
CVE CVE-2014-2763
CVE CVE-2014-2764
CVE CVE-2014-2765
CVE CVE-2014-2766
CVE CVE-2014-2767
CVE CVE-2014-2768
CVE CVE-2014-2769
CVE CVE-2014-2770
CVE CVE-2014-2771
CVE CVE-2014-2772
CVE CVE-2014-2773
CVE CVE-2014-2775
CVE CVE-2014-2776
CVE CVE-2014-2777
CVE CVE-2014-2782
MSKB 2957689
MSKB 2963950
XREF CERT:239151
XREF EDB-ID:33860
XREF EDB-ID:35213
XREF MSFT:MS14-035
Exploitable With
Core Impact (true)
Plugin Information
Published: 2014/06/11, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2957689
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18472
78432 - MS14-057: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
Synopsis
The version of the .NET Framework installed on the remote host is affected by a denial of service vulnerability.
Description
The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability that allows a remote attacker to execute code remotely.
Solution
Microsoft has released a set of patches for .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and 4.5.2.
Risk Factor
Critical
VPR Score
5.9
EPSS Score
0.4252
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
BID 70312
BID 70313
BID 70351
CVE CVE-2014-4073
CVE CVE-2014-4121
CVE CVE-2014-4122
MSKB 2968292
MSKB 2968294
MSKB 2968295
MSKB 2968296
MSKB 2972098
MSKB 2972100
MSKB 2972101
MSKB 2972103
MSKB 2972105
MSKB 2972106
MSKB 2972107
MSKB 2978041
MSKB 2978042
MSKB 2979568
MSKB 2979570
MSKB 2979571
MSKB 2979573
MSKB 2979574
MSKB 2979575
MSKB 2979576
MSKB 2979577
MSKB 2979578
XREF MSFT:MS14-057
Plugin Information
Published: 2014/10/15, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5485

- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll has not been patched.
Remote version : 4.0.30319.18408
Should be : 4.0.30319.34238

- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll has not been patched.
Remote version : 2.0.50727.4927
Should be : 2.0.50727.5488

- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll has not been patched.
Remote version : 4.0.30319.18408
Should be : 4.0.30319.34244
79127 - MS14-066: Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability due to improper processing of packets by the Secure Channel (Schannel) security package. An attacker can exploit this issue by sending specially crafted packets to a Windows server.
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Critical
VPR Score
7.4
EPSS Score
0.9327
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
References
BID 70954
CVE CVE-2014-6321
MSKB 2992611
XREF CERT:505120
XREF MSFT:MS14-066
Exploitable With
Core Impact (true)
Plugin Information
Published: 2014/11/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2992611
- C:\Windows\system32\Schannel.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18606
82771 - MS15-034: Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
Synopsis
The remote Windows host is affected by a vulnerability in the HTTP protocol stack.
Description
The version of Windows running on the remote host is affected by a vulnerability in the HTTP protocol stack (HTTP.sys) due to improperly parsing crafted HTTP requests. A remote attacker can exploit this to execute arbitrary code with System privileges.
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 8.1, 2012, and 2012 R2.
Risk Factor
Critical
VPR Score
8.9
EPSS Score
0.9431
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 74013
CVE CVE-2015-1635
MSKB 3042553
XREF MSFT:MS15-034
XREF IAVA:2015-A-0092
XREF CISA-KNOWN-EXPLOITED:2022/08/10
Exploitable With
Core Impact (true)
Plugin Information
Published: 2015/04/14, Modified: 2022/02/11
Plugin Output

tcp/445/cifs



KB : 3042553
- C:\Windows\system32\drivers\http.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18772
86367 - MS15-106: Cumulative Security Update for Internet Explorer (3096441)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3096441. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.641
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 76982
BID 76984
BID 76986
BID 76987
BID 76991
BID 76992
BID 76993
BID 76995
BID 77000
BID 77002
BID 77005
BID 77006
BID 77007
BID 77010
CVE CVE-2015-2482
CVE CVE-2015-6042
CVE CVE-2015-6044
CVE CVE-2015-6045
CVE CVE-2015-6046
CVE CVE-2015-6047
CVE CVE-2015-6048
CVE CVE-2015-6049
CVE CVE-2015-6050
CVE CVE-2015-6051
CVE CVE-2015-6052
CVE CVE-2015-6053
CVE CVE-2015-6055
CVE CVE-2015-6056
CVE CVE-2015-6059
CVE CVE-2015-6184
MSKB 3093983
MSKB 3105210
XREF MSFT:MS15-106
Exploitable With
Core Impact (true)
Plugin Information
Published: 2015/10/13, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 3093983
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.19003
87253 - MS15-124: Cumulative Security Update for Internet Explorer (3116180)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3116180. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.

Refer to KB3125869 for additional information.
Risk Factor
High
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.4459
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 78481
BID 78482
BID 78483
BID 78484
BID 78485
BID 78486
BID 78487
BID 78488
BID 78489
BID 78490
BID 78491
BID 78492
BID 78494
BID 78495
BID 78507
BID 78508
BID 78526
BID 78527
BID 78528
BID 78529
BID 78530
BID 78531
BID 78532
BID 78533
BID 78534
BID 78535
BID 78536
BID 78537
BID 78538
BID 78540
CVE CVE-2015-6083
CVE CVE-2015-6134
CVE CVE-2015-6135
CVE CVE-2015-6136
CVE CVE-2015-6138
CVE CVE-2015-6139
CVE CVE-2015-6140
CVE CVE-2015-6141
CVE CVE-2015-6142
CVE CVE-2015-6143
CVE CVE-2015-6144
CVE CVE-2015-6145
CVE CVE-2015-6146
CVE CVE-2015-6147
CVE CVE-2015-6148
CVE CVE-2015-6149
CVE CVE-2015-6150
CVE CVE-2015-6151
CVE CVE-2015-6152
CVE CVE-2015-6153
CVE CVE-2015-6154
CVE CVE-2015-6155
CVE CVE-2015-6156
CVE CVE-2015-6157
CVE CVE-2015-6158
CVE CVE-2015-6159
CVE CVE-2015-6160
CVE CVE-2015-6161
CVE CVE-2015-6162
CVE CVE-2015-6164
MSKB 3104002
MSKB 3116869
MSKB 3116900
MSKB 3125869
XREF MSFT:MS15-124
Plugin Information
Published: 2015/12/08, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 3104002
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.19058
87890 - MS16-007: Security Update for Microsoft Windows to Address Remote Code Execution (3124901)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple elevation of privilege vulnerabilities exist due to improper validation of user-supplied input before loading DLL files. A local attacker can exploit these, via a crafted application, to elevate their privileges and take control of the affected system. (CVE-2016-0014, CVE-2016-0020)

- A remote code execution vulnerability exists in DirectShow due to improper validation of user-supplied input. A remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user, resulting in taking control of the affected system.
(CVE-2016-0015)

- Multiple remote code execution vulnerabilities exist due to improper validation of user-supplied input before loading DLL files. A local attacker can exploit these, via a specially crafted application, to execute arbitrary code. (CVE-2016-0016, CVE-2016-0018)

- A security bypass vulnerability exists in the Windows Remote Desktop Protocol (RDP) due to a failure to prevent remote logons to accounts that have no passwords set. A remote attacker can exploit this, by using an older version of the RDP client to connect to a Windows 10 host, to generate a list of user accounts.
(CVE-2016-0019)
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.

Note that Windows 10 with Citrix XenDesktop installed will not be offered the patch due to an issue with the XenDesktop software that prevents users from logging on when the patch is applied. To apply the patch you must first uninstall XenDesktop or contact Citrix for help with the issue.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.6698
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 79896
BID 79900
BID 79902
BID 79906
BID 79908
BID 79909
CVE CVE-2016-0014
CVE CVE-2016-0015
CVE CVE-2016-0016
CVE CVE-2016-0018
CVE CVE-2016-0019
CVE CVE-2016-0020
MSKB 3108664
MSKB 3109560
MSKB 3110329
MSKB 3121461
MSKB 3121918
MSKB 3124263
MSKB 3124266
MSKB 3124901
XREF MSFT:MS16-007
XREF IAVA:2016-A-0014
Plugin Information
Published: 2016/01/13, Modified: 2025/02/18
Plugin Output

tcp/445/cifs



KB : 3108664
- C:\Windows\system32\fixmapi.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19073

KB : 3121918
- C:\Windows\system32\advapi32.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.19091

KB : 3121918
- C:\Windows\system32\advapi32.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.19091
The remote host is missing MS16-001.
89757 - MS16-035: Security Update for .NET Framework to Address Security Feature Bypass (3141780)
Synopsis
The remote Windows host is affected by a security feature bypass vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a security feature bypass vulnerability in the .NET Framework due to improper validation of certain elements in a signed XML document. An attacker can exploit this vulnerability to modify the contents of an XML file without invalidating the signature associated with the file.
Solution
Microsoft has released a set of patches for .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5.1, 4.5.2, 4.6, and 4.6.1.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.3265
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 84075
CVE CVE-2016-0132
MSKB 3135998
MSKB 3135997
MSKB 3136000
MSKB 3135994
MSKB 3135995
MSKB 3135996
MSKB 3135983
MSKB 3135985
MSKB 3135991
MSKB 3135989
MSKB 3135984
MSKB 3135988
MSKB 3135987
MSKB 3135982
XREF MSFT:MS16-035
XREF IAVA:2016-A-0068-S
Plugin Information
Published: 2016/03/08, Modified: 2020/05/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.security.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5496
91600 - MS16-072: Security Update for Group Policy (3163622)
Synopsis
The remote host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability due to a lack of Kerberos authentication for certain calls over LDAP when processing group policy updates. A man-in-the-middle attacker can exploit this vulnerability to create arbitrary group policies and grant a standard user elevated, administrative privileges.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.548
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 91119
CVE CVE-2016-3223
MSKB 3159398
MSKB 3163017
MSKB 3163018
XREF MSFT:MS16-072
XREF IAVA:2016-A-0155
Plugin Information
Published: 2016/06/14, Modified: 2025/02/18
Plugin Output

tcp/445/cifs



KB : 3159398
- C:\Windows\system32\gpprefcl.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23452
91605 - MS16-077: Security Update for WPAD (3165191)
Synopsis
The remote host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities :

- An elevation of privilege vulnerability exists in the Web Proxy Auto Discovery (WPAD) protocol due to improper handling of the proxy discovery process. A remote attacker can exploit this, by responding to NetBIOS name requests for WPAD, to bypass security restrictions and gain elevated privileges. (CVE-2016-3213)

- An elevation of privilege vulnerability exists in the Web Proxy Auto Discovery (WPAD) protocol due to improper handling of certain proxy discovery scenarios. A remote attacker can exploit this to elevate privileges, resulting in the ability to disclose or control network traffic. (CVE-2016-3236)

- An elevation of privilege vulnerability exists in NetBIOS due to improper handling of responses. A remote attacker can exploit this, via specially crafted NetBIOS responses, to appear as a trusted network device, resulting in the ability to render untrusted content in a browser outside of Enhanced Protected Mode (EPM) or an application container. (CVE-2016-3299)
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, RT 8.1, 2012 R2, and 10.

Note that cumulative update 3160005 in MS16-063 must also be installed in order to fully resolve CVE-2016-3213.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.7831
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
BID 91111
BID 91114
BID 92387
CVE CVE-2016-3213
CVE CVE-2016-3236
CVE CVE-2016-3299
MSKB 3163017
MSKB 3161949
MSKB 3163018
XREF MSFT:MS16-077
XREF IAVA:2016-A-0157
Exploitable With
Core Impact (true)
Plugin Information
Published: 2016/06/14, Modified: 2019/11/19
Plugin Output

tcp/445/cifs



KB : 3161949
- C:\Windows\system32\ws2_32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23451
92018 - MS16-087: Security Update for Windows Print Spooler (3170005)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the Windows Print Spooler service due to improper validation of print drivers while installing a printer from network servers. An unauthenticated, remote attacker can exploit this vulnerability, via a man-in-the-middle attack on a workstation or print server or via a rogue print server, to execute arbitrary code in the context of the current user. (CVE-2016-3238)

- An elevation of privilege vulnerability exists in the Windows Print Spooler service due to improperly allowing arbitrary writing to the file system. An attacker can exploit this issue, via a specially crafted script or application, to execute arbitrary code with elevated system privileges. (CVE-2016-3239)
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.1605
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 91609
BID 91612
CVE CVE-2016-3238
CVE CVE-2016-3239
MSKB 3170455
MSKB 4038777
MSKB 4038779
MSKB 4038781
MSKB 4038782
MSKB 4038783
MSKB 4038786
MSKB 4038792
MSKB 4038793
MSKB 4038799
XREF MSFT:MS16-087
XREF IAVA:2016-A-0181
Plugin Information
Published: 2016/07/12, Modified: 2025/02/18
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4038777
- 4038779

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23889
94017 - MS16-120: Security Update for Microsoft Graphics Component (3192884)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple information disclosure vulnerabilities exist in the Windows GDI component due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to predict memory offsets in a call stack and bypass the Address Space Layout Randomization (ASLR) feature, resulting in the disclosure of memory contents. (CVE-2016-3209, CVE-2016-3262, CVE-2016-3263)

- An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this to elevate privileges and execute code in kernel mode. (CVE-2016-3270)

- A remote code execution vulnerability exists in the Windows GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-3393)

- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-3396)

- An elevation of privilege vulnerability exists in the Windows GDI component due to improper handling of objects in memory. A local attacker can exploit this to elevate privileges and execute code in kernel mode. (CVE-2016-7182)
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013, Live Meeting 2007 Console, .NET Framework 3.0 SP2, .NET Framework 3.5, .NET Framework 3.5.1, .NET Framework 4.5.2, .NET Framework 4.6, and Silverlight 5.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.4083
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 93377
BID 93380
BID 93385
BID 93390
BID 93394
BID 93395
BID 93403
CVE CVE-2016-3209
CVE CVE-2016-3262
CVE CVE-2016-3263
CVE CVE-2016-3270
CVE CVE-2016-3393
CVE CVE-2016-3396
CVE CVE-2016-7182
MSKB 3191203
MSKB 3192391
MSKB 3185330
MSKB 3192392
MSKB 3185331
MSKB 3192393
MSKB 3185332
MSKB 3192440
MSKB 3192441
MSKB 3194798
MSKB 3188726
MSKB 3189039
MSKB 3189040
MSKB 3188730
MSKB 3188732
MSKB 3188731
MSKB 3188735
MSKB 3189051
MSKB 3189052
MSKB 3188740
MSKB 3188743
MSKB 3188741
MSKB 3118301
MSKB 3118317
MSKB 3118394
MSKB 3118327
MSKB 3118348
MSKB 3188397
MSKB 3188399
MSKB 3188400
MSKB 3189647
MSKB 3193713
XREF MSFT:MS16-120
XREF IAVA:2016-A-0278-S
XREF CISA-KNOWN-EXPLOITED:2022/06/15
Plugin Information
Published: 2016/10/12, Modified: 2022/05/25
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3192391
- 3185330

- C:\Windows\System32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23564

90192 - ManageEngine Desktop Central 8 / 9 < Build 91100 Multiple RCE
Synopsis
The remote web server contains a Java-based web application that is affected by multiple remote code execution vulnerabilities.
Description
The ManageEngine Desktop Central application running on the remote host is version 8, or else version 9 prior to build 91100. It is, therefore, affected by multiple remote code execution vulnerabilities :

- A flaw exists in the statusUpdate script due to a failure to properly sanitize user-supplied input to the 'fileName' parameter. An unauthenticated, remote attacker can exploit this, via a crafted request to upload a PHP file that has multiple file extensions and by manipulating the 'applicationName' parameter, to make a direct request to the uploaded file, resulting in the execution of arbitrary code with NT-AUTHORITY\SYSTEM privileges. (CVE-2015-82001)

- An unspecified flaw exists in various servlets that allow an unauthenticated, remote attacker to execute arbitrary code. No further details are available.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to ManageEngine Desktop Central version 9 build 91100 or later.
Risk Factor
Critical
VPR Score
7.3
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:ND)
References
CVE CVE-2015-82001
XREF TRA:TRA-2015-07
Plugin Information
Published: 2016/03/25, Modified: 2019/11/19
Plugin Output

tcp/8020/www


URL : http://192.168.122.168:8020/
Installed version : 9 Build 91084
Fixed version : 9 Build 91100

90192 - ManageEngine Desktop Central 8 / 9 < Build 91100 Multiple RCE
Synopsis
The remote web server contains a Java-based web application that is affected by multiple remote code execution vulnerabilities.
Description
The ManageEngine Desktop Central application running on the remote host is version 8, or else version 9 prior to build 91100. It is, therefore, affected by multiple remote code execution vulnerabilities :

- A flaw exists in the statusUpdate script due to a failure to properly sanitize user-supplied input to the 'fileName' parameter. An unauthenticated, remote attacker can exploit this, via a crafted request to upload a PHP file that has multiple file extensions and by manipulating the 'applicationName' parameter, to make a direct request to the uploaded file, resulting in the execution of arbitrary code with NT-AUTHORITY\SYSTEM privileges. (CVE-2015-82001)

- An unspecified flaw exists in various servlets that allow an unauthenticated, remote attacker to execute arbitrary code. No further details are available.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to ManageEngine Desktop Central version 9 build 91100 or later.
Risk Factor
Critical
VPR Score
7.3
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:ND)
References
CVE CVE-2015-82001
XREF TRA:TRA-2015-07
Plugin Information
Published: 2016/03/25, Modified: 2019/11/19
Plugin Output

tcp/8022/www


URL : http://192.168.122.168:8022/
Installed version : 9 Build 91084
Fixed version : 9 Build 91100

90192 - ManageEngine Desktop Central 8 / 9 < Build 91100 Multiple RCE
Synopsis
The remote web server contains a Java-based web application that is affected by multiple remote code execution vulnerabilities.
Description
The ManageEngine Desktop Central application running on the remote host is version 8, or else version 9 prior to build 91100. It is, therefore, affected by multiple remote code execution vulnerabilities :

- A flaw exists in the statusUpdate script due to a failure to properly sanitize user-supplied input to the 'fileName' parameter. An unauthenticated, remote attacker can exploit this, via a crafted request to upload a PHP file that has multiple file extensions and by manipulating the 'applicationName' parameter, to make a direct request to the uploaded file, resulting in the execution of arbitrary code with NT-AUTHORITY\SYSTEM privileges. (CVE-2015-82001)

- An unspecified flaw exists in various servlets that allow an unauthenticated, remote attacker to execute arbitrary code. No further details are available.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to ManageEngine Desktop Central version 9 build 91100 or later.
Risk Factor
Critical
VPR Score
7.3
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:ND)
References
CVE CVE-2015-82001
XREF TRA:TRA-2015-07
Plugin Information
Published: 2016/03/25, Modified: 2019/11/19
Plugin Output

tcp/8383/www


URL : https://192.168.122.168:8383/
Installed version : 9 Build 91084
Fixed version : 9 Build 91100

139377 - ManageEngine Desktop Central < 10 Build 10.0.533 Integer Overflow
Synopsis
The remote web server contains a Java-based web application that is affected by an integer overflow vulnerability.
Description
The ManageEngine Desktop Central application running on the remote host is prior to version 10 build 10.0.533. It is, therefore, affected by an integer overflow condition due to improper handling of header values. An unauthenticated, remote attacker can exploit this, by sending specially crafted HTTP requests, to cause a denial of service condition or the execution of arbitrary code.
Solution
Upgrade to ManageEngine Desktop Central version 10 build 10.0.533 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0598
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-15588
XREF IAVA:2020-A-0350-S
Plugin Information
Published: 2020/08/06, Modified: 2022/05/02
Plugin Output

tcp/8020/www


URL : http://192.168.122.168:8020/
Installed version : 9 build 91084
Fixed version : 10 Build 10.0.533

139377 - ManageEngine Desktop Central < 10 Build 10.0.533 Integer Overflow
Synopsis
The remote web server contains a Java-based web application that is affected by an integer overflow vulnerability.
Description
The ManageEngine Desktop Central application running on the remote host is prior to version 10 build 10.0.533. It is, therefore, affected by an integer overflow condition due to improper handling of header values. An unauthenticated, remote attacker can exploit this, by sending specially crafted HTTP requests, to cause a denial of service condition or the execution of arbitrary code.
Solution
Upgrade to ManageEngine Desktop Central version 10 build 10.0.533 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0598
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-15588
XREF IAVA:2020-A-0350-S
Plugin Information
Published: 2020/08/06, Modified: 2022/05/02
Plugin Output

tcp/8022/www


URL : http://192.168.122.168:8022/
Installed version : 9 build 91084
Fixed version : 10 Build 10.0.533

139377 - ManageEngine Desktop Central < 10 Build 10.0.533 Integer Overflow
Synopsis
The remote web server contains a Java-based web application that is affected by an integer overflow vulnerability.
Description
The ManageEngine Desktop Central application running on the remote host is prior to version 10 build 10.0.533. It is, therefore, affected by an integer overflow condition due to improper handling of header values. An unauthenticated, remote attacker can exploit this, by sending specially crafted HTTP requests, to cause a denial of service condition or the execution of arbitrary code.
Solution
Upgrade to ManageEngine Desktop Central version 10 build 10.0.533 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0598
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-15588
XREF IAVA:2020-A-0350-S
Plugin Information
Published: 2020/08/06, Modified: 2022/05/02
Plugin Output

tcp/8383/www


URL : https://192.168.122.168:8383/
Installed version : 9 build 91084
Fixed version : 10 Build 10.0.533

148038 - ManageEngine Desktop Central < 10.0.647 Multiple Vulnerabilities
Synopsis
The Windows host contains a Java-based web application that is affected by multiple vulnerabilities.
Description
The ManageEngine Desktop Central application running on the Windows host is prior to version 10 build 10.0.647. It is, therefore, affected by multiple vulnerabilities, including the following:

- Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server. (CVE-2020-28050)

- A stored cross-site scripting vulnerability in the Inventory section due to improper validation of user-supplied input.

- Improper authorization handling of agent data posted to the server.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to ManageEngine Desktop Central version 10 build 10.0.647 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.2
EPSS Score
0.016
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS v2.0 Temporal Score
4.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-28050
XREF IAVA:2021-A-0145-S
Plugin Information
Published: 2021/03/24, Modified: 2021/12/10
Plugin Output

tcp/445/cifs


Path : C:\ManageEngine\DesktopCentral_Server
Installed version : 9.1.0
Fixed version : 10.0.647 (10 build 100647)
155865 - ManageEngine Desktop Central < 10.1.2127.18 / 10.1.2128.0 < 10.1.2137.3 Authentication Bypass (CVE-2021-44515)
Synopsis
The remote web server contains a Java-based web application that is affected by an authentication bypass vulnerability.
Description
The ManageEngine Desktop Central application running on the remote host is prior to 10.1.2127.18, or 10.1.2128.0 prior to 10.1.2137.3. It is, therefore, affected by an authentication bypass vulnerability which can allow an adversary to bypass authentication and execute arbitrary code in the Desktop Central server.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to ManageEngine Desktop Central 10.1.2127.18 / 10.1.2137.3 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.9436
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-44515
XREF IAVA:2021-A-0570-S
XREF CISA-KNOWN-EXPLOITED:2021/12/24
XREF CEA-ID:CEA-2021-0050
Plugin Information
Published: 2021/12/06, Modified: 2022/12/05
Plugin Output

tcp/445/cifs


Path : C:\ManageEngine\DesktopCentral_Server
Installed version : 9.1.0
Fixed version : 10.1.2127.18
156790 - ManageEngine Desktop Central < 10.1.2137.9 Authentication Bypass (CVE-2021-44757)
Synopsis
The remote web server contains a Java-based web application that is affected by an authentication bypass vulnerability.
Description
The ManageEngine Desktop Central application running on the remote host is affected by an authentication bypass vulnerability which allows an adversary to bypass authentication and read unauthorized data or write an arbitrary zip file on the Desktop Central server.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
See vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.2
EPSS Score
0.3857
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS v2.0 Temporal Score
4.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-44757
XREF IAVA:2022-A-0040
XREF CEA-ID:CEA-2022-0003
Plugin Information
Published: 2022/01/18, Modified: 2022/12/05
Plugin Output

tcp/445/cifs


Path : C:\ManageEngine\DesktopCentral_Server
Installed version : 9.1.0
Fixed version : 10.1.2137.9
72704 - Microsoft .NET Framework Unsupported
Synopsis
An unsupported software framework is installed on the remote Windows host.
Description
According to its self-reported version number, there is at least one version of Microsoft .NET Framework installed on the remote Windows host that is no longer supported.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
Solution
Upgrade to a version of the Microsoft .NET Framework that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
References
XREF IAVA:0001-A-0552
Plugin Information
Published: 2014/02/26, Modified: 2024/03/29
Plugin Output

tcp/445/cifs


The following Microsoft .NET Framework versions are no longer
supported :


Installed version : Microsoft .NET Framework v4.5.1
EOL date : January 12, 2016
EOL URL : https://docs.microsoft.com/en-us/lifecycle/products/microsoft-net-framework
Supported versions : 3.5 / 4.6.2 / 4.7 / 4.7.1 / 4.7.2/ 4.8

Installed version : Microsoft .NET Framework v2.0.50727
EOL date : April 12, 2016
EOL URL : https://docs.microsoft.com/en-us/lifecycle/products/microsoft-net-framework
Supported versions : 3.5 / 4.6.2 / 4.7 / 4.7.1 / 4.7.2/ 4.8
22024 - Microsoft Internet Explorer Unsupported Version Detection
Synopsis
The remote host contains an unsupported version of Internet Explorer.
Description
According to its self-reported version number, the installation of Microsoft Internet Explorer on the remote Windows host is no longer supported.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
Solution
Either upgrade to a version of Internet Explorer that is currently supported or disable Internet Explorer on the target device.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
References
XREF IAVA:0001-A-0557
Plugin Information
Published: 2006/07/11, Modified: 2025/07/24
Plugin Output

tcp/445/cifs


The remote host has Internet Explorer version 8.0.7601.17514 installed, which is no longer supported.

The InternetExplorerIntegrationReloadInIEModeAllowed (Mandatory) and (Recommended) policies are not configured
which means users can render content in IE Mode.

125313 - Microsoft RDP RCE (CVE-2019-0708) (BlueKeep) (uncredentialed check)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote host is affected by a remote code execution vulnerability in Remote Desktop Protocol (RDP). An unauthenticated, remote attacker can exploit this, via a series of specially crafted requests, to execute arbitrary code.
Solution
Microsoft has released a set of patches for Windows XP, 2003, 2008, 7, and 2008 R2.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.9446
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID 108273
CVE CVE-2019-0708
XREF CISA-KNOWN-EXPLOITED:2022/05/03
XREF CEA-ID:CEA-2020-0129
XREF CEA-ID:CEA-2019-0326
XREF CEA-ID:CEA-2019-0700
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2019/05/22, Modified: 2025/09/29
Plugin Output

tcp/3389/msrdp

192782 - Microsoft Windows Server 2008 SEoL
Synopsis
An unsupported version of Microsoft Windows is installed on the remote host.
Description
Microsoft Windows Server 2008 is no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
Solution
Upgrade to a version of Microsoft Windows that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Published: 2024/04/02, Modified: 2025/01/10
Plugin Output

tcp/0


OS : Microsoft Windows Server 2008 R2
Security End of Life : January 14, 2020
Time since Security End of Life (Est.) : >= 6 years

134942 - Microsoft Windows Type 1 Font Parsing Remote Code Execution Vulnerability (ADV200006)
Synopsis
The remote Windows host is affected by a font parsing vulnerability.
Description
Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.

Note that Microsoft does not recommend that IT administrators running Windows 10 implement the workarounds described in ADV200006. Please see the vendor advisory for more information.
Solution
Microsoft has provided additional details and guidance in the ADV200006 advisory.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Published: 2020/03/26, Modified: 2020/04/17
Plugin Output

tcp/445/cifs

File checked:
C:\Windows\System32\atmfd.dll: not renamed

Registry value checked:
Software\Microsoft\Windows NT\CurrentVersion\Windows\DisableATMFD: NULL

118233 - MySQL 5.5.x < 5.5.62 Multiple Vulnerabilities (October 2018 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The version of MySQL running on the remote host is 5.5.x prior to 5.5.62. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to MySQL version 5.5.62 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0923
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information
Published: 2018/10/19, Modified: 2021/05/21
Plugin Output

tcp/0


Path : c:\wamp\bin\mysql\mysql5.5.20\bin\
Installed version : 5.5.20.0
Fixed version : 5.5.62

124198 - Oracle Java SE 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1 Multiple Vulnerabilities (Apr 2019 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 221, 8 Update 211, 11 Update 3, or 12 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components :

- 2D
- Libraries
- RMI
- Windows DLL

Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Oracle JDK / JRE 12 Update 1, 11 Update 3, 8 Update 211 / 7 Update 221 or later. If necessary, remove any affected versions.
Risk Factor
Medium
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.1181
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 107911
BID 107915
BID 107917
BID 107918
BID 107922
CVE CVE-2019-2602
CVE CVE-2019-2684
CVE CVE-2019-2697
CVE CVE-2019-2698
CVE CVE-2019-2699
Plugin Information
Published: 2019/04/19, Modified: 2024/12/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.211 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.211 or greater
130011 - Oracle Java SE 1.7.0_241 / 1.8.0_231 / 1.11.0_5 / 1.13.0_1 Multiple Vulnerabilities (Oct 2019 CPU) (Windows)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 241, 8 Update 231, 11 Update 5, or 13 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components :

- 2D
- Libraries
- Kerberos
- Networking
- JavaFX
- Hotspot
- Scripting
- Javadoc
- Deployment
- Concurrency
- JAXP
- Serialization
- Security

Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Oracle JDK / JRE 13 Update 1, 11 Update 5, 8 Update 231 / 7 Update 241 or later. If necessary, remove any affected versions.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0247
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2019/10/17, Modified: 2024/12/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.231 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.231 or greater
234624 - Oracle Java SE Multiple Vulnerabilities (April 2025 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2025 CPU advisory.

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (gstreamer)). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. (CVE-2024-47606)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u441; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. (CVE-2024-54534)

- Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.14 and 21.0.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM for JDK executes to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM for JDK accessible data as well as unauthorized access to critical data or complete access to all Oracle GraalVM for JDK accessible data. (CVE-2025-23083)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply the appropriate patch according to the April 2025 Oracle Critical Patch Update advisory.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.0067
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2025/04/18, Modified: 2025/08/12
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.451 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.451 or greater
111163 - Oracle Java SE Multiple Vulnerabilities (July 2018 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 2, 8 Update 181, 7 Update 191, or 6 Update 201. It is, therefore, affected by multiple vulnerabilities related to the following components :

- Concurrency. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2952)

- Deployment. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2964)

- JSSE. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2973)

- Java DB. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2938)

- JavaFX. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2941)

- Libraries. An easily exploitable vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2940)

- Security. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2972)

- Windows DLL. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2942)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Oracle JDK / JRE 10 Update 2, 8 Update 181 / 7 Update 191 / 6 Update 201 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.5
EPSS Score
0.0183
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
BID 104765
BID 104768
BID 104773
BID 104774
BID 104775
BID 104780
BID 104781
BID 104782
CVE CVE-2018-2938
CVE CVE-2018-2940
CVE CVE-2018-2941
CVE CVE-2018-2942
CVE CVE-2018-2952
CVE CVE-2018-2964
CVE CVE-2018-2972
CVE CVE-2018-2973
Plugin Information
Published: 2018/07/20, Modified: 2025/01/27
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.181 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.181 or greater
111162 - Oracle Java SE Multiple Vulnerabilities (July 2018 CPU) (Unix)
Synopsis
The remote Unix host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 2, 8 Update 181, 7 Update 191, or 6 Update 201. It is, therefore, affected by multiple vulnerabilities related to the following components :

- Concurrency. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2952)

- Deployment. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2964)

- JSSE. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2973)

- Java DB. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2938)

- JavaFX. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2941)

- Libraries. An easily exploitable vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2940)

- Security. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2972)

- Windows DLL. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2942)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Oracle JDK / JRE 10 Update 2, 8 Update 181 / 7 Update 191 / 6 Update 201 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.5
EPSS Score
0.0183
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
BID 104765
BID 104768
BID 104773
BID 104774
BID 104775
BID 104780
BID 104782
CVE CVE-2018-2938
CVE CVE-2018-2940
CVE CVE-2018-2941
CVE CVE-2018-2952
CVE CVE-2018-2964
CVE CVE-2018-2972
CVE CVE-2018-2973
Plugin Information
Published: 2018/07/20, Modified: 2024/06/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.181 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.181 or greater
242293 - Oracle Java SE Multiple Vulnerabilities (July 2025 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2025 CPU advisory.

- Vulnerability in Oracle Java SE (component: JavaFX (libxml2)). Supported versions that are affected are Oracle Java SE: 8u451-b50. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE. (CVE-2024-40896)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. (CVE-2025-30749)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. (CVE-2025-50059)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply the appropriate patch according to the July 2025 Oracle Critical Patch Update advisory.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0023
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2025/07/18, Modified: 2026/01/21
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.461 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.461 or greater
103963 - Oracle Java SE Multiple Vulnerabilities (October 2017 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 1, 8 Update 151, 7 Update 161, or 6 Update 171. It is, therefore, affected by multiple vulnerabilities related to the following components :

- 2D (Little CMS 2)
- Deployment
- Hotspot
- JAX-WS
- JAXP
- Javadoc
- Libraries
- Networking
- RMI
- Security
- Serialization
- Smart Card IO
- Util (zlib)
Solution
Upgrade to Oracle JDK / JRE 9 Update 1, 8 Update 151 / 7 Update 161 / 6 Update 171 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
7.3
EPSS Score
0.1898
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 101315
BID 101319
BID 101321
BID 101328
BID 101333
BID 101338
BID 101341
BID 101348
BID 101354
BID 101355
BID 101369
BID 101378
BID 101382
BID 101384
BID 101396
BID 101413
CVE CVE-2016-9841
CVE CVE-2016-10165
CVE CVE-2017-10274
CVE CVE-2017-10281
CVE CVE-2017-10285
CVE CVE-2017-10293
CVE CVE-2017-10295
CVE CVE-2017-10309
CVE CVE-2017-10345
CVE CVE-2017-10346
CVE CVE-2017-10347
CVE CVE-2017-10348
CVE CVE-2017-10349
CVE CVE-2017-10350
CVE CVE-2017-10355
CVE CVE-2017-10356
CVE CVE-2017-10357
CVE CVE-2017-10388
Plugin Information
Published: 2017/10/19, Modified: 2024/12/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.151 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.151 or greater
103964 - Oracle Java SE Multiple Vulnerabilities (October 2017 CPU) (Unix)
Synopsis
The remote Unix host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 1, 8 Update 151, 7 Update 161, or 6 Update 171. It is, therefore, affected by multiple vulnerabilities related to the following components :

- 2D (Little CMS 2)
- Deployment
- Hotspot
- JAX-WS
- JAXP
- Javadoc
- Libraries
- Networking
- RMI
- Security
- Serialization
- Smart Card IO
- Util (zlib)
Solution
Upgrade to Oracle JDK / JRE 9 Update 1, 8 Update 151 / 7 Update 161 / 6 Update 171 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
7.3
EPSS Score
0.1898
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 101315
BID 101319
BID 101321
BID 101328
BID 101333
BID 101338
BID 101341
BID 101348
BID 101354
BID 101355
BID 101369
BID 101378
BID 101382
BID 101384
BID 101396
BID 101413
CVE CVE-2016-9841
CVE CVE-2016-10165
CVE CVE-2017-10274
CVE CVE-2017-10281
CVE CVE-2017-10285
CVE CVE-2017-10293
CVE CVE-2017-10295
CVE CVE-2017-10309
CVE CVE-2017-10345
CVE CVE-2017-10346
CVE CVE-2017-10347
CVE CVE-2017-10348
CVE CVE-2017-10349
CVE CVE-2017-10350
CVE CVE-2017-10355
CVE CVE-2017-10356
CVE CVE-2017-10357
CVE CVE-2017-10388
Plugin Information
Published: 2017/10/19, Modified: 2024/06/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.151 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.151 or greater
118228 - Oracle Java SE Multiple Vulnerabilities (October 2018 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 11 Update 1, 8 Update 191, 7 Update 201, or 6 Update 211. It is, therefore, affected by multiple vulnerabilities related to the following components :

- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Deployment (libpng) subcomponent could allow an unauthenticated, remote attacker with network access via HTTP to compromise Java SE, Java SE Embedded. (CVE-2018-13785)

- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Hotspot subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. (CVE-2018-3169)

- An unspecified vulnerability in the Java SE component of Oracle Java SE in the JavaFX subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-3209)

- An unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE in the JNDI subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. (CVE-2018-3149)

- An unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE in the JSSE subcomponent could allow an unauthenticated, remote attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. (CVE-2018-3180)

- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Networking subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. (CVE-2018-3139)

- An unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE in the Scripting subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. (CVE-2018-3183)

- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Security subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. (CVE-2018-3136)

- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Serviceability subcomponent could allow a low privileged attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. (CVE-2018-3211)

- An unspecified vulnerability in the Java SE component of Oracle Java SE in the Sound subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-3157)

- An unspecified vulnerability in the Java SE component of Oracle Java SE in the Utility subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-3150)

Please consult the CVRF details for the applicable CVEs for additional information.

Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Oracle JDK / JRE 11 Update 1, 8 Update 191 / 7 Update 201 / 6 Update 211 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.3
EPSS Score
0.0225
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
BID 105587
BID 105590
BID 105591
BID 105595
BID 105597
BID 105599
BID 105601
BID 105602
BID 105608
BID 105615
BID 105617
BID 105622
CVE CVE-2018-3136
CVE CVE-2018-3139
CVE CVE-2018-3149
CVE CVE-2018-3150
CVE CVE-2018-3157
CVE CVE-2018-3169
CVE CVE-2018-3180
CVE CVE-2018-3183
CVE CVE-2018-3209
CVE CVE-2018-3211
CVE CVE-2018-3214
CVE CVE-2018-13785
Plugin Information
Published: 2018/10/19, Modified: 2024/12/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.191 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.191 or greater
118227 - Oracle Java SE Multiple Vulnerabilities (October 2018 CPU) (Unix)
Synopsis
The remote Unix host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 11 Update 1, 8 Update 191, 7 Update 201, or 6 Update 211. It is, therefore, affected by multiple vulnerabilities :

- An unspecified vulnerability in the Java SE Embedded component of Oracle Java SE in the Deployment (libpng) subcomponent could allow an unauthenticated, remote attacker with network access via HTTP to compromise Java SE. (CVE-2018-13785)

- An unspecified vulnerability in the Java SE Embedded component of Oracle Java SE in the Hotspot subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-3169)

- An unspecified vulnerability in the Java SE component of Oracle Java SE in the JavaFX subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-3209)

- An unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit component of Oracle Java SE in the JNDI subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, and JRockit. (CVE-2018-3149)

- An unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE in the JSSE subcomponent could allow an unauthenticated, remote attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, or JRockit. (CVE-2018-3180)

- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Networking subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE or Java SE Embedded. (CVE-2018-3139)

- An unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE in the Scripting subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, or JRockit. (CVE-2018-3183)

- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Security subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. (CVE-2018-3136)

- An unspecified vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE in the Serviceability subcomponent could allow a low privileged attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. (CVE-2018-3211)

- An unspecified vulnerability in the Java SE component of Oracle Java SE in the Sound subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-3157)

- An unspecified vulnerability in the Java SE component of Oracle Java SE in the Utility subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-3150)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Oracle JDK / JRE 11 Update 1, 8 Update 191 / 7 Update 201 / 6 Update 211 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.3
EPSS Score
0.0225
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
BID 105587
BID 105590
BID 105591
BID 105595
BID 105597
BID 105599
BID 105601
BID 105602
BID 105608
BID 105615
BID 105617
BID 105622
CVE CVE-2018-3136
CVE CVE-2018-3139
CVE CVE-2018-3149
CVE CVE-2018-3150
CVE CVE-2018-3157
CVE CVE-2018-3169
CVE CVE-2018-3180
CVE CVE-2018-3183
CVE CVE-2018-3209
CVE CVE-2018-3211
CVE CVE-2018-3214
CVE CVE-2018-13785
Plugin Information
Published: 2018/10/19, Modified: 2024/06/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.191 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.191 or greater

60085 - PHP 5.3.x < 5.3.15 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.15, and is, therefore, potentially affected by the following vulnerabilities :

- An unspecified overflow vulnerability exists in the function '_php_stream_scandir' in the file 'main/streams/streams.c'. (CVE-2012-2688)

- An unspecified error exists that can allow the 'open_basedir' constraint to be bypassed. (CVE-2012-3365)
Solution
Upgrade to PHP version 5.3.15 or later.
Risk Factor
Critical
VPR Score
5.9
EPSS Score
0.4225
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
BID 54612
BID 54638
CVE CVE-2012-2688
CVE CVE-2012-3365
Plugin Information
Published: 2012/07/20, Modified: 2025/05/26
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2, X-Powered-By: PHP/5.3.10
Installed version : 5.3.10
Fixed version : 5.3.15
58987 - PHP Unsupported Version Detection
Synopsis
The remote host contains an unsupported version of a web application scripting language.
Description
According to its version, the installation of PHP on the remote host is no longer supported.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
Solution
Upgrade to a version of PHP that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
References
XREF IAVA:0001-A-0581
Plugin Information
Published: 2012/05/04, Modified: 2025/10/29
Plugin Output

tcp/8585/www


Source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2, X-Powered-By: PHP/5.3.10
Installed version : 5.3.10
End of support date : 2014/08/14
Announcement : http://php.net/eol.php
Supported versions : 8.1.x / 8.2.x / 8.3.x / 8.4.x

108797 - Unsupported Windows OS (remote)
Synopsis
The remote OS or service pack is no longer supported.
Description
The remote version of Microsoft Windows is either missing a service pack or is no longer supported. As a result, it is likely to contain security vulnerabilities.
Solution
Upgrade to a supported service pack or operating system.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
References
XREF IAVA:0001-A-0501
Plugin Information
Published: 2018/04/03, Modified: 2025/10/21
Plugin Output

tcp/0


The following Windows version is installed and not supported:

Microsoft Windows Server 2008 R2 Standard Service Pack 1

101367 - Windows 7 and Windows Server 2008 R2 July 2017 Security Updates
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4025337 or cumulative update 4025341. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the Windows Performance Monitor Console due to improper parsing of XML input that contains a reference to an external entity. An unauthenticated, remote attacker can exploit this, by convincing a user to create a Data Collector Set and import a specially crafted XML file, to disclose arbitrary files via an XML external entity (XXE) declaration. (CVE-2017-0170)

- A remote code execution vulnerability exists in Windows Explorer due to improper handling of executable files and shares during rename operations. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2017-8463)

- An elevation of privilege vulnerability exists in the Microsoft Graphics component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-8467)

- An information disclosure vulnerability exists in Win32k due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-8486)

- A security bypass vulnerability exists in Microsoft Windows when handling Kerberos ticket exchanges due to a failure to prevent tampering with the SNAME field. A man-in-the-middle attacker can exploit this to bypass the Extended Protection for Authentication security feature. (CVE-2017-8495)

- An elevation of privilege vulnerability exists in the Microsoft Graphics component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-8556)

- An information disclosure vulnerability exists in the Windows System Information Console due to improper parsing of XML input that contains a reference to an external entity. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to disclose arbitrary files via an XML external entity (XXE) declaration. (CVE-2017-8557)

- An elevation of privilege vulnerability exists in Windows due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol. An authenticated, remote attacker can exploit this, via an application that sends specially crafted traffic to a domain controller, to run processes in an elevated context. (CVE-2017-8563)

- An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to bypass Kernel Address Space Layout Randomization (KASLR) and disclose the base address of the kernel driver. (CVE-2017-8564)

- A remote code execution vulnerability exists in PowerShell when handling a PSObject that wraps a CIM instance. An authenticated, remote attacker can exploit this, via a specially crafted script, to execute arbitrary code in a PowerShell remote session. (CVE-2017-8565)

- An elevation of privilege vulnerability exists in the Microsoft Graphics component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-8573)

- An elevation of privilege vulnerability exists in the Microsoft Graphics Component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-8577)

- An elevation of privilege vulnerability exists in the Microsoft Graphics component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-8578)

- An elevation of privilege vulnerability exists in the Microsoft Graphics Component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-8580)

- An elevation of privilege vulnerability exists in Windows due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-8581)

- An information disclosure vulnerability exists in the HTTP.sys server application component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose sensitive information. (CVE-2017-8582)

- A denial of service vulnerability exists in Windows Explorer that is triggered when Explorer attempts to open a non-existent file. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause a user's system to stop responding. (CVE-2017-8587)

- A remote code execution vulnerability exists in WordPad due to improper parsing of specially crafted files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2017-8588)

- A remote code execution vulnerability exists in the Windows Search component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by sending specially crafted messages to the Windows Search service, to elevate privileges and execute arbitrary code. (CVE-2017-8589)

- An elevation of privilege vulnerability exists in the Windows Common Log File System (CLFS) driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run processes in an elevated context. (CVE-2017-8590)

- A security bypass vulnerability exists in Microsoft browsers due to improper handling of redirect requests. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass CORS redirect restrictions. (CVE-2017-8592)
Solution
Apply Security Only update KB4025337 or Cumulative update KB4025341.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3557
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 99387
BID 99389
BID 99394
BID 99396
BID 99398
BID 99400
BID 99402
BID 99409
BID 99413
BID 99414
BID 99416
BID 99419
BID 99421
BID 99423
BID 99424
BID 99425
BID 99427
BID 99428
BID 99429
BID 99431
BID 99439
CVE CVE-2017-0170
CVE CVE-2017-8463
CVE CVE-2017-8467
CVE CVE-2017-8486
CVE CVE-2017-8495
CVE CVE-2017-8556
CVE CVE-2017-8557
CVE CVE-2017-8563
CVE CVE-2017-8564
CVE CVE-2017-8565
CVE CVE-2017-8573
CVE CVE-2017-8577
CVE CVE-2017-8578
CVE CVE-2017-8580
CVE CVE-2017-8581
CVE CVE-2017-8582
CVE CVE-2017-8587
CVE CVE-2017-8588
CVE CVE-2017-8589
CVE CVE-2017-8590
CVE CVE-2017-8592
MSKB 4025341
MSKB 4025337
XREF MSFT:MS17-4025341
XREF MSFT:MS17-4025337
Plugin Information
Published: 2017/07/11, Modified: 2025/12/12
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4025341
- 4025337

- C:\Windows\System32\bcrypt.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.23841
100761 - Windows 7 and Windows Server 2008 R2 June 2017 Security Updates
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4022722 or cumulative update 4022719. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists in Windows Hyper-V instruction emulation due to a failure to properly enforce privilege levels. An attacker on a guest operating system can exploit this to gain elevated privileges on the guest. Note that the host operating system is not vulnerable. (CVE-2017-0193)

- A remote code execution vulnerability exists in Microsoft Office due to improper validation of user-supplied input before loading dynamic link library (DLL) files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2017-0260)

- Multiple information disclosure vulnerabilities exist in Windows Uniscribe due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or to open a specially crafted document file, to disclose the contents of memory. (CVE-2017-0282, CVE-2017-0284, CVE-2017-0285, CVE-2017-8534)

- Multiple remote code execution vulnerabilities exist in Windows Uniscribe software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or to open a specially crafted document file, to execute arbitrary code in the context of the current user. (CVE-2017-0283, CVE-2017-8528)

- Multiple information disclosure vulnerabilities exist in the Windows GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or to open a specially crafted document file, to disclose the contents of memory. (CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, CVE-2017-8533)

- A remote code execution vulnerability exists in Microsoft Windows due to improper handling of cabinet files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted cabinet file, to execute arbitrary code in the context of the current user. (CVE-2017-0294)

- An elevation of privilege vulnerability exists in tdx.sys due to a failure to check the length of a buffer prior to copying memory to it. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context.
(CVE-2017-0296)

- An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. (CVE-2017-0297)

- An elevation of privilege vulnerability exists in the DCOM object in Helppane.exe, when configured to run as the interactive user, due to a failure to properly authenticate the client. An authenticated, remote attacker can exploit this, via a specially crafted application, to run arbitrary code in another user's session after that user has logged on to the same system using Terminal Services or Fast User Switching.
(CVE-2017-0298)

- Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper initialization of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to disclose the base address of the kernel driver.
(CVE-2017-0299, CVE-2017-0300, CVE-2017-8462)

- A remote code execution vulnerability exists in Windows due to improper handling of shortcuts. An unauthenticated, remote attacker can exploit this, by convincing a user to insert a removable drive containing a malicious shortcut and binary, to automatically execute arbitrary code in the context of the current user. (CVE-2017-8464)

- Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper initialization of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to disclose sensitive information. (CVE-2017-8469, CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8476, CVE-2017-8477, CVE-2017-8478, CVE-2017-8479, CVE-2017-8480, CVE-2017-8481, CVE-2017-8482, CVE-2017-8483, CVE-2017-8484, CVE-2017-8485, CVE-2017-8488, CVE-2017-8489, CVE-2017-8490, CVE-2017-8491, CVE-2017-8492)

- Multiple remote code execution vulnerabilities exist in Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8519, CVE-2017-8547)

- A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8524)

- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded fonts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft document, to execute arbitrary code in the context of the current user. (CVE-2017-8527)

- A remote code execution vulnerability exists in the Windows Search functionality due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message, to execute arbitrary code. (CVE-2017-8543)

- An information disclosure vulnerability exists in the Windows Search functionality due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message, to disclose sensitive information. (CVE-2017-8544)

- Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to disclose the contents of memory. (CVE-2017-8553, CVE-2017-8554)
See Also
Solution
Apply Security Only update KB4022722 or Cumulative Update KB4022719.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.9388
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID 98810
BID 98818
BID 98819
BID 98820
BID 98821
BID 98822
BID 98824
BID 98826
BID 98837
BID 98839
BID 98840
BID 98842
BID 98845
BID 98847
BID 98848
BID 98849
BID 98851
BID 98852
BID 98853
BID 98854
BID 98856
BID 98857
BID 98858
BID 98859
BID 98860
BID 98862
BID 98864
BID 98865
BID 98867
BID 98869
BID 98870
BID 98878
BID 98884
BID 98885
BID 98891
BID 98899
BID 98900
BID 98901
BID 98903
BID 98914
BID 98918
BID 98920
BID 98922
BID 98923
BID 98929
BID 98930
BID 98932
BID 98933
BID 98940
BID 98942
BID 98949
BID 98953
CVE CVE-2017-0193
CVE CVE-2017-0260
CVE CVE-2017-0282
CVE CVE-2017-0283
CVE CVE-2017-0284
CVE CVE-2017-0285
CVE CVE-2017-0286
CVE CVE-2017-0287
CVE CVE-2017-0288
CVE CVE-2017-0289
CVE CVE-2017-0294
CVE CVE-2017-0296
CVE CVE-2017-0297
CVE CVE-2017-0298
CVE CVE-2017-0299
CVE CVE-2017-0300
CVE CVE-2017-8462
CVE CVE-2017-8464
CVE CVE-2017-8469
CVE CVE-2017-8470
CVE CVE-2017-8471
CVE CVE-2017-8472
CVE CVE-2017-8473
CVE CVE-2017-8475
CVE CVE-2017-8476
CVE CVE-2017-8477
CVE CVE-2017-8478
CVE CVE-2017-8479
CVE CVE-2017-8480
CVE CVE-2017-8481
CVE CVE-2017-8482
CVE CVE-2017-8483
CVE CVE-2017-8484
CVE CVE-2017-8485
CVE CVE-2017-8488
CVE CVE-2017-8489
CVE CVE-2017-8490
CVE CVE-2017-8491
CVE CVE-2017-8492
CVE CVE-2017-8519
CVE CVE-2017-8524
CVE CVE-2017-8527
CVE CVE-2017-8528
CVE CVE-2017-8531
CVE CVE-2017-8532
CVE CVE-2017-8533
CVE CVE-2017-8534
CVE CVE-2017-8543
CVE CVE-2017-8544
CVE CVE-2017-8547
CVE CVE-2017-8553
CVE CVE-2017-8554
MSKB 4022719
MSKB 4022722
XREF MSFT:MS17-4022719
XREF MSFT:MS17-4022722
XREF CISA-KNOWN-EXPLOITED:2022/08/10
XREF CISA-KNOWN-EXPLOITED:2022/06/14
Exploitable With
CANVAS (true) Metasploit (true)
Plugin Information
Published: 2017/06/13, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4022719
- 4022722

- C:\Windows\System32\bcrypt.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.23816
103746 - Windows 7 and Windows Server 2008 R2 October 2017 Security Updates (KRACK)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4041678 or cumulative update 4041681. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11813, CVE-2017-11822)

- A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2017-11771)

- An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2017-11824)

- An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8689, CVE-2017-8694)

- A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8717, CVE-2017-8718)

- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-11816)

- An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. (CVE-2017-11815)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-11765, CVE-2017-11814)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2017-11793, CVE-2017-11810)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11762, CVE-2017-11763)

- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11790)

- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
(CVE-2017-11817)

- A denial of service vulnerability exists in the Microsoft Server Message Block (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests to the target system. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security update addresses the vulnerability by correcting the manner in which SMB handles specially crafted client requests. (CVE-2017-11781)

- An information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11772)

- A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.
(CVE-2017-11780)

- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2017-11784, CVE-2017-11785)

- A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA 2-protected wireless network.
(CVE-2017-13080)
See Also
Solution
Apply Security Only update KB4041678 or Cumulative update KB4041681.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.6561
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 101077
BID 101081
BID 101083
BID 101093
BID 101094
BID 101095
BID 101099
BID 101100
BID 101108
BID 101109
BID 101110
BID 101111
BID 101114
BID 101116
BID 101122
BID 101128
BID 101136
BID 101140
BID 101141
BID 101147
BID 101149
BID 101161
BID 101162
BID 101274
CVE CVE-2017-8689
CVE CVE-2017-8694
CVE CVE-2017-8717
CVE CVE-2017-8718
CVE CVE-2017-11762
CVE CVE-2017-11763
CVE CVE-2017-11765
CVE CVE-2017-11771
CVE CVE-2017-11772
CVE CVE-2017-11780
CVE CVE-2017-11781
CVE CVE-2017-11784
CVE CVE-2017-11785
CVE CVE-2017-11790
CVE CVE-2017-11793
CVE CVE-2017-11810
CVE CVE-2017-11813
CVE CVE-2017-11814
CVE CVE-2017-11815
CVE CVE-2017-11816
CVE CVE-2017-11817
CVE CVE-2017-11819
CVE CVE-2017-11822
CVE CVE-2017-11824
CVE CVE-2017-13080
MSKB 4041681
MSKB 4041678
XREF IAVA:2017-A-0310
XREF MSFT:MS17-4041681
XREF MSFT:MS17-4041678
Plugin Information
Published: 2017/10/10, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4041681
- 4041678

- C:\Windows\system32\bcrypt.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.23915
109800 - 7-Zip < 18.00 Multiple Vulnerabilities
Synopsis
A compression utility installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of 7-Zip installed on the remote Windows host is prior to 18.0. It is, therefore, affected by multiple vulnerabilities.
See Also
Solution
Upgrade to 7-Zip version 18.00 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0819
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information
Published: 2018/05/14, Modified: 2024/10/08
Plugin Output

tcp/445/cifs


Path : C:\Program Files\7-Zip
Installed version : 16.4.0.0
Fixed version : 18.00
109730 - 7-Zip < 18.05 Memory Corruption Arbitrary Code Execution
Synopsis
A compression utility installed on the remote Windows host is affected by arbitrary code execution.
Description
The version of 7-Zip installed on the remote Windows host contains a flaw in the NArchive::NRar::CHandler::Extract method in Archive/Rar/RarHandler.cpp. The issue is triggered as certain input is not properly validated when performing 'solid' decompression of a RAR archive. With a specially crafted file, a context-dependent attacker can corrupt memory to cause a denial of service or potentially execute arbitrary code.
See Also
Solution
Upgrade to 7-Zip version 18.05 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0543
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 104132
CVE CVE-2018-10115
XREF IAVA:2018-A-0147-S
Plugin Information
Published: 2018/05/11, Modified: 2024/10/09
Plugin Output

tcp/445/cifs


Path : C:\Program Files\7-Zip
Installed version : 16.4.0.0
Fixed version : 18.05
180360 - 7-Zip < 23.00 Multiple Vulnerabilities
Synopsis
A compression utility installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of 7-Zip installed on the remote Windows host is below 23.00. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability exists in 7-Zip due to an integer underflow. An unauthenticated, remote attacker can exploit this, by tricking a user into opening a specially crafted archive, to execute arbitrary code on the system. (CVE-2023-31102)

- A remote code execution vulnerability exists in 7-Zip due to an out-of-bounds write. An unauthenticated, remote attacker can exploit this, by tricking a user into opening a specially crafted archive, to execute arbitrary code on the system. (CVE-2023-40481)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to 7-Zip version 23.00 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3838
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-31102
CVE CVE-2023-40481
XREF IAVA:2023-A-0440-S
Plugin Information
Published: 2023/08/31, Modified: 2024/11/22
Plugin Output

tcp/445/cifs


Path : C:\Program Files\7-Zip
Installed version : 16.4.0.0
Fixed version : 23.00
209231 - 7-Zip < 24.01 Heap-based Buffer Overflow
Synopsis
The 7-Zip instance installed on the remote host is affected by a heap-based buffer overflow vulnerability.
Description
The version of 7-Zip installed on the remote Windows host is below 24.01. It is, therefore, affected by multiple vulnerabilities:

- The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size:
buffer+512*i-2, for i=9, i=10, i=11, etc. (CVE-2023-52168)

- The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process. (CVE-2023-52169)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to 7-Zip version 24.01 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.3 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0039
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2024/10/17, Modified: 2024/10/18
Plugin Output

tcp/445/cifs


Path : C:\Program Files\7-Zip
Installed version : 16.4.0.0
Fixed version : 24.01
211725 - 7-Zip < 24.07 RCE (ZDI-24-1532)
Synopsis
The remote host is missing a security update.
Description
The version of 7-Zip installed on the remote host is prior to 24.07. It is, therefore, affected by a remote code execution vulnerability as referenced in the ZDI-24-1532 advisory.

- This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip.
Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. (CVE-2024-11477)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to 7-Zip version 24.07 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3951
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-11477
XREF IAVA:2024-A-0765-S
Plugin Information
Published: 2024/11/22, Modified: 2025/01/24
Plugin Output

tcp/445/cifs


Path : C:\Program Files\7-Zip
Installed version : 16.4.0.0
Fixed version : 24.07
214542 - 7-Zip < 24.09 (ZDI-25-045)
Synopsis
The remote host is missing a security update.
Description
The version of 7-Zip installed on the remote host is prior to 24.09. It is, therefore, affected by a vulnerability as referenced in the ZDI-25-045 advisory.

- The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to 7-Zip version 24.09 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.0 (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.3263
CVSS v2.0 Base Score
6.2 (CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.1 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-0411
XREF IAVA:2025-A-0042-S
XREF CISA-KNOWN-EXPLOITED:2025/02/27
Plugin Information
Published: 2025/01/23, Modified: 2025/08/12
Plugin Output

tcp/445/cifs


Path : C:\Program Files\7-Zip
Installed version : 16.4.0.0
Fixed version : 24.09
242639 - 7-Zip < 25.00
Synopsis
The remote host is missing a security update.
Description
The version of 7-Zip installed on the remote host is prior to 25.00. It is, therefore, affected by multiple vulnerabilities:

- 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. (CVE-2025-11001, CVE-2025-11002)

- An error in 7-Zip's RAR5 handler's error correction for corrupted items can lead to a buffer overflow, resulting in memory corruption and denial of service. (CVE-2025-53816)

- A NULL pointer dereference in 7-Zip's implementation of the Compound handler can lead to denial of service at specific values. (CVE-2025-53817)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to 7-Zip version 25.00 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.0 (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
VPR Score
9.2
EPSS Score
0.0031
CVSS v2.0 Base Score
6.2 (CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2025-11001
CVE CVE-2025-11002
CVE CVE-2025-53816
CVE CVE-2025-53817
XREF IAVA:2025-A-0540-S
Plugin Information
Published: 2025/07/23, Modified: 2025/11/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files\7-Zip
Installed version : 16.4.0.0
Fixed version : 25.00

62101 - Apache 2.2.x < 2.2.23 Multiple Vulnerabilities
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.23. It is, therefore, potentially affected by the following vulnerabilities :

- The utility 'apachectl' can receive a zero-length directory name in the LD_LIBRARY_PATH via the 'envvars'
file. A local attacker with access to that utility could exploit this to load a malicious Dynamic Shared Object (DSO), leading to arbitrary code execution.
(CVE-2012-0883)

- An input validation error exists related to 'mod_negotiation', 'Multiviews' and untrusted uploads that can allow cross-site scripting attacks.
(CVE-2012-2687)

Note that Nessus has not tested for these flaws but has instead relied on the version in the server's banner.
See Also
Solution
Upgrade to Apache version 2.2.23 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.0 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.1 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0732
CVSS v2.0 Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.1 (CVSS2#E:U/RL:OF/RC:C)
References
BID 53046
BID 55131
CVE CVE-2012-0883
CVE CVE-2012-2687
XREF CWE:20
XREF CWE:74
XREF CWE:79
XREF CWE:442
XREF CWE:629
XREF CWE:711
XREF CWE:712
XREF CWE:722
XREF CWE:725
XREF CWE:750
XREF CWE:751
XREF CWE:800
XREF CWE:801
XREF CWE:809
XREF CWE:811
XREF CWE:864
XREF CWE:900
XREF CWE:928
XREF CWE:931
XREF CWE:990
Plugin Information
Published: 2012/09/14, Modified: 2018/06/29
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2
Installed version : 2.2.21
Fixed version : 2.2.23
77531 - Apache 2.2.x < 2.2.28 Multiple Vulnerabilities
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.28. It is, therefore, affected by the following vulnerabilities :

- A flaw exists within the 'mod_headers' module which allows a remote attacker to inject arbitrary headers.
This is done by placing a header in the trailer portion of data being sent using chunked transfer encoding.
(CVE-2013-5704)

- A flaw exists within the 'mod_deflate' module when handling highly compressed bodies. Using a specially crafted request, a remote attacker can exploit this to cause a denial of service by exhausting memory and CPU resources. (CVE-2014-0118)

- The 'mod_status' module contains a race condition that can be triggered when handling the scoreboard. A remote attacker can exploit this to cause a denial of service, execute arbitrary code, or obtain sensitive credential information. (CVE-2014-0226)

- The 'mod_cgid' module lacks a time out mechanism. Using a specially crafted request, a remote attacker can use this flaw to cause a denial of service by causing child processes to linger indefinitely, eventually filling up the scoreboard. (CVE-2014-0231)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Apache version 2.2.29 or later.

Note that version 2.2.28 was never officially released.
Risk Factor
Medium
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v3.0 Temporal Score
6.6 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.7544
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 66550
BID 68678
BID 68742
BID 68745
CVE CVE-2013-5704
CVE CVE-2014-0118
CVE CVE-2014-0226
CVE CVE-2014-0231
XREF EDB-ID:34133
Plugin Information
Published: 2014/09/04, Modified: 2020/04/27
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2
Installed version : 2.2.21
Fixed version : 2.2.29
193422 - Apache 2.4.x < 2.4.54 HTTP Request Smuggling Vulnerability
Synopsis
The remote web server is affected by an HTTP request smuggling vulnerability.
Description
The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by an HTTP request smuggling vulnerability as referenced in the 2.4.54 advisory.

- Possible request smuggling in mod_proxy_ajp: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions. Acknowledgements: Ricter Z @ 360 Noah Lab

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache version 2.4.54 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.393
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-26377
XREF IAVA:2022-A-0230-S
Plugin Information
Published: 2024/04/17, Modified: 2024/04/18
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Installed version : 2.2.21
Fixed version : 2.4.54
193423 - Apache 2.4.x < 2.4.54 Multiple Vulnerabilities
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.54 advisory.

- Denial of Service mod_sed: If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. Acknowledgements: This issue was found by Brian Moussalli from the JFrog Security Research team

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache version 2.4.54 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.1194
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-30522
XREF IAVA:2022-A-0230-S
Plugin Information
Published: 2024/04/17, Modified: 2024/04/18
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Installed version : 2.2.21
Fixed version : 2.4.54
193424 - Apache 2.4.x < 2.4.54 Multiple Vulnerabilities (mod_lua)
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.54 advisory.

- Denial of service in mod_lua r:parsebody: In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. Acknowledgements: The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue (CVE-2022-29404)

- Information Disclosure in mod_lua with websockets: Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. Acknowledgements: The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue (CVE-2022-30556)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache version 2.4.54 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0215
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-29404
CVE CVE-2022-30556
XREF IAVA:2022-A-0230-S
Plugin Information
Published: 2024/04/17, Modified: 2024/04/18
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Installed version : 2.2.21
Fixed version : 2.4.54
183391 - Apache 2.4.x < 2.4.58 Multiple Vulnerabilities
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
The version of Apache httpd installed on the remote host is prior to 2.4.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.58 advisory.

- Apache HTTP Server: DoS in HTTP/2 with initial windows size 0: An attacker, opening an HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well-known slow loris attack pattern. This has been fixed in version 2.4.58, so that such connections are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. Acknowledgements: (CVE-2023-43622)

- Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST: When an HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During normal HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. Acknowledgements: (CVE-2023-45802)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache version 2.4.58 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.5906
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-43622
CVE CVE-2023-45802
XREF IAVA:2023-A-0572-S
Plugin Information
Published: 2023/10/19, Modified: 2024/04/29
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Installed version : 2.2.21
Fixed version : 2.4.58
193419 - Apache 2.4.x < 2.4.58 Out-of-Bounds Read (CVE-2023-31122)
Synopsis
The remote web server is affected by an out-of-bounds read vulnerability.
Description
The version of Apache httpd installed on the remote host is prior to 2.4.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.58 advisory.

- mod_macro buffer over-read: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache version 2.4.58 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0035
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-31122
XREF IAVA:2023-A-0572-S
Plugin Information
Published: 2024/04/17, Modified: 2024/04/29
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Installed version : 2.2.21
Fixed version : 2.4.58
192923 - Apache 2.4.x < 2.4.59 Multiple Vulnerabilities
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
The version of Apache httpd installed on the remote host is prior to 2.4.59. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.59 advisory.

- Apache HTTP Server: HTTP Response Splitting in multiple modules: HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue. Acknowledgements: (CVE-2024-24795)

- Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames: HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. Acknowledgements: finder: Bartek Nowotarski (https://nowotarski.info/) (CVE-2024-27316)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache version 2.4.59 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.8912
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-38709
CVE CVE-2024-24795
CVE CVE-2024-27316
XREF IAVA:2024-A-0202-S
Plugin Information
Published: 2024/04/04, Modified: 2024/07/12
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Installed version : 2.2.21
Fixed version : 2.4.59

156103 - Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104)
Synopsis
A package installed on the remote host is affected by a remote code execution vulnerability.
Description
The version of Apache Log4j on the remote host is 1.2. It is, therefore, affected by a remote code execution vulnerability when specifically configured to use JMSAppender.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Log4j version 2.16.0 or later since 1.x is end of life.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.722
CVSS v2.0 Base Score
6.0 (CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-4104
XREF IAVA:0001-A-0650
XREF IAVA:2021-A-0573-S
Plugin Information
Published: 2021/12/15, Modified: 2026/01/21
Plugin Output

tcp/0


Path : C:\ManageEngine\DesktopCentral_Server\lib\log4j-1.2.15.jar
Installed version : 1.2.15
Fixed version : 2.16.0

tcp/0


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\axis2.war
Installed version : 1.2.15
Fixed version : 2.16.0

tcp/0


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\axis2\WEB-INF\lib\log4j-1.2.15.jar
Installed version : 1.2.15
Fixed version : 2.16.0

tcp/0


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase.war
Installed version : 1.2.17
Fixed version : 2.16.0

tcp/0


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\log4j-1.2.17.jar
Installed version : 1.2.17
Fixed version : 2.16.0

tcp/0


Path : C:\Program Files\elasticsearch-1.1.1\lib\log4j-1.2.17.jar
Installed version : 1.2.17
Fixed version : 2.16.0

277466 - Apache Struts 2.0.0 <= 6.7.0 / 7.0.0 <= 7.0.3 Denial of Service (S2-068)
Synopsis
The Apache Struts install on the remote host is affected by a denial of service vulnerability.
Description
The version of Apache Struts installed on the remote host is 2.0.0 through 6.7.0 or 7.0.0 through 7.0.3. It is, therefore, affected by a denial of service vulnerability as referenced in the S2-068 advisory:

- Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. (CVE-2025-64775)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 6.8.0 or 7.1.1 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
5.1
EPSS Score
0.0004
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
STIG Severity
I
References
CVE CVE-2025-64775
XREF IAVA:2025-A-0883
Plugin Information
Published: 2025/12/04, Modified: 2025/12/05
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 6.8.0
118731 - Apache Struts 2.3.x < 2.3.33 Denial of Service (S2-049)
Synopsis
A web application running on the remote host uses a Java framework that is affected by multiple denial of service vulnerabilities.
Description
The version of Apache Struts running on the remote host is 2.3.x prior to 2.3.33. It is, therefore, affected by the following vulnerability:

- A flaw exists in unspecified Spring AOP functionality that is used to secure Struts actions. An authenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-9787)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.3.33 or later.
Alternatively, apply the workaround referenced in the vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0823
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 99563
CVE CVE-2017-9787
Plugin Information
Published: 2018/11/05, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.3.33
88714 - Apache Struts 2.x < 2.3.24.1 Multiple Vulnerabilities (S2-026) (S2-027)
Synopsis
A web application running on the remote host uses a Java framework that is affected by multiple vulnerabilities.
Description
The version of Apache Struts running on the remote host is 2.x prior to 2.3.24.1. It, therefore, is affected by multiple vulnerabilities including a remote command execution vulnerability and an open redirect vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.3.24.1 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0404
CVSS v2.0 Base Score
6.5 (CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
4.8 (CVSS2#E:U/RL:OF/RC:C)
References
BID 82550
BID 85131
CVE CVE-2015-5209
CVE CVE-2016-3090
Plugin Information
Published: 2016/02/12, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.3.24.1
90153 - Apache Struts 2.x < 2.3.28 Multiple Vulnerabilities (S2-028) (S2-029) (S2-030) (S2-034)
Synopsis
A web application running on the remote host uses a Java framework that is affected by multiple vulnerabilities.
Description
The version of Apache Struts running on the remote host is 2.x prior to 2.3.28. It is, therefore, affected by the following vulnerabilities :

- A cross-site scripting vulnerability exists due to improper validation of user-supplied input when using a single byte page encoding. A remote attacker can exploit this, via a non-spec URL-encoded parameter value including multi-byte characters. (CVE-2016-4003)

- A remote code execution vulnerability exists due to double OGNL evaluation of attribute values assigned to certain tags. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code. (CVE-2016-0785)

- A cross-site scripting vulnerability exists due to improper validation of user-supplied input when using the I18NInterceptor. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-2162)

- A denial of service vulnerability exists in the Object-Graph Navigation Language (OGNL) component due to a flaw in the implementation of the cache for stored method references. A context-dependent attacker can exploit this to block access to arbitrary websites. (CVE-2016-3093)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.3.28 or later. Alternatively, apply the workaround referenced in the vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.3528
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 85066
BID 85070
BID 86311
BID 90961
CVE CVE-2016-0785
CVE CVE-2016-2162
CVE CVE-2016-3093
CVE CVE-2016-4003
Plugin Information
Published: 2016/03/24, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.3.28
91812 - Apache Struts 2.x < 2.3.29 Multiple Vulnerabilities (S2-035 - S2-040)
Synopsis
The remote Windows host contains a web application that uses a Java framework that is affected by multiple vulnerabilities.
Description
The version of Apache Struts running on the remote Windows host is 2.x prior to 2.3.29. It is, therefore, affected by the following vulnerabilities :

- A remote code execution vulnerability exists due to erroneously performing double OGNL evaluation of attribute values assigned to certain tags. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code. (CVE-2016-0785)

- A cross-site request forgery (XSRF) vulnerability exists due to improper validation of session tokens. An unauthenticated, remote attacker can exploit this, via a malicious OGNL expression, to bypass token validation and perform an XSRF attack. (CVE-2016-4430)

- Multiple input validation issues exist that allow internal security mechanisms to be bypassed, allowing the manipulation of a return string which can be used to redirect users to a malicious website. This affects both the default action method and the 'getter' action method. (CVE-2016-4431, CVE-2016-4433)

- An unspecified flaw exists that is triggered during the cleanup of action names. An unauthenticated, remote attacker can exploit this, via a specially crafted payload, to perform unspecified actions. (CVE-2016-4436)

- A remote code execution vulnerability exists in the REST plugin due to improper handling of OGNL expressions. An unauthenticated, remote attacker can exploit this, via a specially crafted OGNL expression, to execute arbitrary code. (CVE-2016-4438)

- A remote code execution vulnerability exists in user tag attributes due to improper handling of OGNL expressions. An unauthenticated, remote attacker can exploit this, via a specially crafted double OGNL evaluation, to execute arbitrary code. (CVE-2016-4461)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.3.29 or later. Alternatively, apply the workarounds referenced in the vendor advisory.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.7206
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:C)
References
BID 85066
BID 91275
BID 91277
BID 91280
BID 91281
BID 91282
BID 91284
CVE CVE-2016-0785
CVE CVE-2016-4430
CVE CVE-2016-4431
CVE CVE-2016-4433
CVE CVE-2016-4436
CVE CVE-2016-4438
CVE CVE-2016-4461
Exploitable With
(true)
Plugin Information
Published: 2016/06/24, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.3.29
290256 - Apache Struts 2.x <= 2.3.37 / 2.5.x <= 2.5.33 / 6.x < 6.1.1 XML External Entity Injection in XWork (S2-069)
Synopsis
The Apache Struts install on the remote host is affected by an XML external entity injection vulnerability.
Description
The version of Apache Struts installed on the remote host is 2.0.0 through 2.3.37, 2.5.0 through 2.5.33, or 6.x prior to 6.1.1. It is, therefore, affected by an XML external entity injection (XXE) vulnerability in the XWork component:

- Missing XML Validation vulnerability in Apache Struts. Users are recommended to upgrade to version 6.1.1, which fixes the issue. (CVE-2025-68493)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 6.1.1 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)
CVSS v3.0 Temporal Score
7.3 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0004
CVSS v2.0 Base Score
9.4 (CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:POC/RL:OF/RC:C)
Plugin Information
Published: 2026/01/16, Modified: 2026/02/06
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 6.1.1
177225 - Apache Struts < 2.5.31 / 6.1.2.1 Denial of Service (S2-064)
Synopsis
Apache Struts installed on the remote host is affected by a denial of service vulnerability.
Description
The version of Apache Struts installed on the remote host is prior to 2.5.31 or 6.1.2.1. It is, therefore, affected by a vulnerability as referenced in the S2-064 advisory.

- When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory. (CVE-2023-34396)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.5.31, 6.1.2.1 or later. Alternatively, apply the workaround as referenced in the vendor's security bulletin.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0179
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-34396
XREF IAVA:2023-A-0287-S
Plugin Information
Published: 2023/06/13, Modified: 2025/11/25
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.5.31
112036 - Apache Struts CVE-2018-11776 Results With No Namespace Possible Remote Code Execution (S2-057)
Synopsis
A web application running on the remote host uses a Java framework that is affected by a possible remote code execution.
Description
The version of Apache Struts running on the remote host is 2.3.x prior to 2.3.35, or 2.5.x prior to 2.5.17. It, therefore, contains a possible remote code execution vulnerability when results are used without setting a namespace along with an upper action that does not have a namespace set or has a wildcard namespace set.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.3.35 or 2.5.17 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.9443
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:C)
References
BID 105125
CVE CVE-2018-11776
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Exploitable With
(true) Metasploit (true)
Plugin Information
Published: 2018/08/22, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.3.35
108760 - Apache Struts XStream Handler REST Plugin XML Request Handling Remote DoS (S2-056)
Synopsis
A web application running on the remote host uses a Java framework that is affected by a remote denial of service attack.
Description
The version of Apache Struts running on the remote host is prior to 2.5.16. It, therefore, contains a flaw in the REST plugin when using the XStream handler that is triggered during the handling of a specially crafted request with an XML payload. This may allow a remote attacker to cause a denial of service.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Struts version 2.5.16 or later or apply the workaround as referenced in the vendor's security bulletin.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0336
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 103516
CVE CVE-2018-1327
Plugin Information
Published: 2018/03/30, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.5.16
65057 - Insecure Windows Service Permissions
Synopsis
At least one improperly configured Windows service may have a privilege escalation vulnerability.
Description
At least one Windows service executable with insecure permissions was detected on the remote host. Services configured to use an executable with weak permissions are vulnerable to privilege escalation attacks.
An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation.

This plugin checks if any of the following groups have permissions to modify executable files that are started by Windows services :

- Everyone
- Users
- Domain Users
- Authenticated Users
Solution
Ensure that the Everyone, Users, Domain Users and Authenticated Users groups do not have permissions to modify or write service executables. Additionally, ensure these groups do not have Full Control permission to any directories that contain service executables.
Risk Factor
High
CVSS v3.0 Base Score
8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Published: 2013/03/06, Modified: 2025/03/14
Plugin Output

tcp/445/cifs


Path : c:\program files\jmx\jmx.exe
Used by services : jmx
File write allowed for groups : Everyone (S-1-1-0)
Full control of directory allowed for groups : Everyone (S-1-1-0)
105552 - KB4056897: Windows 7 and Windows Server 2008 R2 January 2018 Security Update (Meltdown)(Spectre)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4056897 or cumulative update 4056894. It is, therefore, affected by multiple vulnerabilities :

- A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

- An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0788)

- An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2018-0754)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0762, CVE-2018-0772)

- An information disclosure vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory. This vulnerability allows an attacker to retrieve information to bypass usermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2018-0741)

- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0747)

- An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploited this vulnerability could bypass certain security checks in the operating system. (CVE-2018-0749)

- An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. (CVE-2018-0748)

- A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0750)
See Also
Solution
Apply Security Only update KB4056897 or Cumulative Update KB4056894 as well as refer to the KB4072698 article for additional information.

Note: Due to a compatibility issue with some antivirus software products, it may not be possible to apply the required updates. See Microsoft KB article 4072699 for more information.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.5
EPSS Score
0.9433
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 102378
CVE CVE-2017-5715
CVE CVE-2017-5753
CVE CVE-2017-5754
CVE CVE-2018-0741
CVE CVE-2018-0747
CVE CVE-2018-0748
CVE CVE-2018-0749
CVE CVE-2018-0750
CVE CVE-2018-0754
CVE CVE-2018-0762
CVE CVE-2018-0772
CVE CVE-2018-0788
MSKB 4056897
MSKB 4056894
XREF IAVA:2018-A-0019
XREF IAVA:2018-A-0020
XREF MSFT:MS18-4056897
XREF MSFT:MS18-4056894
Exploitable With
CANVAS (true) Core Impact (true)
Plugin Information
Published: 2018/01/04, Modified: 2026/01/14
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4056897
- 4056894

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24000
106802 - KB4074587: Windows 7 and Windows Server 2008 R2 February 2018 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4074587 or cumulative update 4074598. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0866)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-0757, CVE-2018-0829, CVE-2018-0830)

- An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data. (CVE-2018-0847)

- A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0825)

- An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2018-0742, CVE-2018-0820)

- A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2018-0842)

- An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-0844, CVE-2018-0846)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0840)

- An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that while this vulnerability would not allow an attacker to either execute code or to elevate user rights directly, it could be used to obtain information in an attempt to further compromise the affected system. (CVE-2018-0755, CVE-2018-0760, CVE-2018-0761, CVE-2018-0855)
See Also
Solution
Apply Security Only update KB4074587 or Cumulative Update KB4074598.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.7974
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
Plugin Information
Published: 2018/02/13, Modified: 2025/10/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4074598
- 4074587

- C:\Windows\system32\ntdll.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24024
108290 - KB4088878: Windows 7 and Windows Server 2008 R2 March 2018 Security Update (Meltdown)(Spectre)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4088878 or cumulative update 4088875. It is, therefore, affected by multiple vulnerabilities :

- A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis. Note: this patch applies to only 32-bit Windows 7 systems. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

- An information disclosure vulnerability exists when Windows Remote Assistance incorrectly processes XML External Entities (XXE). An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0878)

- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0929)

- A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-0883)

- An elevation of privilege vulnerability exists in Windows when the Microsoft Video Control mishandles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in system mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0881)

- An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-0927, CVE-2018-0932)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0889, CVE-2018-0935)

- An elevation of privilege vulnerability exists when Internet Explorer fails a check, allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The update addresses the vulnerability by correcting how Internet Explorer handles zone and integrity settings. (CVE-2018-0942)

- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2018-0811, CVE-2018-0813, CVE-2018-0814)

- A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2018-0885)

- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0904)

- An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2018-0868)

- A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system. CredSSP is an authentication provider which processes authentication requests for other applications; any application which depends on CredSSP for authentication may be vulnerable to this type of attack. As an example of how an attacker would exploit this vulnerability against Remote Desktop Protocol, the attacker would need to run a specially crafted application and perform a man-in-the-middle attack against a Remote Desktop Protocol session. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting how Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process. To be fully protected against this vulnerability users must enable Group Policy settings on their systems and update their Remote Desktop clients. The Group Policy settings are disabled by default to prevent connectivity problems and users must follow the instructions documented HERE to be fully protected. (CVE-2018-0886)

- An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0815, CVE-2018-0816, CVE-2018-0817)

- An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-0888)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0891)
See Also
Solution
Apply Security Only update KB4088878 or Cumulative Update KB4088875 as well as refer to the KB article for additional information.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.9433
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 103230
BID 103231
BID 103232
BID 103234
BID 103236
BID 103238
BID 103240
BID 103241
BID 103242
BID 103243
BID 103244
BID 103245
BID 103246
BID 103248
BID 103249
BID 103250
BID 103251
BID 103256
BID 103259
BID 103261
BID 103262
BID 103265
BID 103295
BID 103298
BID 103299
BID 103307
BID 103309
BID 103310
BID 103312
CVE CVE-2018-0811
CVE CVE-2018-0813
CVE CVE-2018-0814
CVE CVE-2018-0815
CVE CVE-2018-0816
CVE CVE-2018-0817
CVE CVE-2018-0868
CVE CVE-2018-0878
CVE CVE-2018-0881
CVE CVE-2018-0883
CVE CVE-2018-0885
CVE CVE-2018-0886
CVE CVE-2018-0888
CVE CVE-2018-0889
CVE CVE-2018-0891
CVE CVE-2018-0894
CVE CVE-2018-0895
CVE CVE-2018-0896
CVE CVE-2018-0897
CVE CVE-2018-0898
CVE CVE-2018-0899
CVE CVE-2018-0900
CVE CVE-2018-0901
CVE CVE-2018-0904
CVE CVE-2018-0927
CVE CVE-2018-0929
CVE CVE-2018-0932
CVE CVE-2018-0935
CVE CVE-2018-0942
CVE CVE-2017-5715
CVE CVE-2017-5753
CVE CVE-2017-5754
MSKB 4088875
MSKB 4088878
XREF IAVA:2018-A-0019
XREF IAVA:2018-A-0020
XREF MSFT:MS18-4088875
XREF MSFT:MS18-4088878
Exploitable With
CANVAS (true) Core Impact (true)
Plugin Information
Published: 2018/03/13, Modified: 2026/01/13
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4088875
- 4088878

- C:\Windows\system32\bcrypt.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.24059
108966 - KB4093108: Windows 7 and Windows Server 2008 R2 April 2018 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4093108 or cumulative update 4093118. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-1008)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2018-0987)

- A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-1003)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-0960)

- A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows handles objects in memory. (CVE-2018-8116)

- A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows SNMP Service processes SNMP traps. (CVE-2018-0967)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-1004)

- An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that it could provide an attacker with information to further compromise the user's computer or data. (CVE-2018-0981, CVE-2018-0989, CVE-2018-1000)

- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975)

- A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2018-0976)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016)

- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-0887)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0988, CVE-2018-0996, CVE-2018-1001)
See Also
Solution
Apply Security Only update KB4093108 or Cumulative Update KB4093118.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.3704
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
Plugin Information
Published: 2018/04/10, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4093108
- 4093118

- C:\Windows\system32\advapi32.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.24094
108757 - KB4100480: Windows Kernel Elevation of Privilege Vulnerability
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing security update 4100480. It is, therefore, affected by an elevation of privilege vulnerability that exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.
See Also
Solution
Apply KB4100480.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.6128
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
CVE CVE-2018-1038
MSKB 4100480
XREF MSFT:MS18-4100480
Plugin Information
Published: 2018/03/30, Modified: 2024/11/22
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4100480

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24093
109604 - KB4103712: Windows 7 and Windows Server 2008 R2 May 2018 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4103712 or cumulative update 4103718. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8897)

- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8178)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8120, CVE-2018-8124, CVE-2018-8164, CVE-2018-8166)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0954, CVE-2018-1022)

- A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. (CVE-2018-1039)

- An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data. (CVE-2018-8145)

- A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. (CVE-2018-8136)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8127)

- An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8167)

- A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-0959)

- An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-1025)

- A remote code execution vulnerability exists in Microsoft COM for Windows when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. (CVE-2018-0824)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0955, CVE-2018-8114, CVE-2018-8122)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8174)

- A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET (or .NET core) application. The update addresses the vulnerability by correcting how .NET and .NET Core applications handle XML document processing. (CVE-2018-0765)
See Also
Solution
Apply Security Only update KB4103712 or Cumulative Update KB4103718.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.9428
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
CVE CVE-2018-0765
CVE CVE-2018-0824
CVE CVE-2018-0954
CVE CVE-2018-0955
CVE CVE-2018-0959
CVE CVE-2018-1022
CVE CVE-2018-1025
CVE CVE-2018-1039
CVE CVE-2018-8114
CVE CVE-2018-8120
CVE CVE-2018-8122
CVE CVE-2018-8124
CVE CVE-2018-8127
CVE CVE-2018-8136
CVE CVE-2018-8145
CVE CVE-2018-8164
CVE CVE-2018-8166
CVE CVE-2018-8167
CVE CVE-2018-8174
CVE CVE-2018-8178
CVE CVE-2018-8897
MSKB 4103718
MSKB 4103712
XREF MSFT:MS18-4103718
XREF MSFT:MS18-4103712
XREF CISA-KNOWN-EXPLOITED:2024/08/26
XREF CISA-KNOWN-EXPLOITED:2022/04/05
XREF CISA-KNOWN-EXPLOITED:2022/08/15
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2018/05/08, Modified: 2024/10/11
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4103718
- 4103712

- C:\Windows\system32\advapi32.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.24117
110486 - KB4284867: Windows 7 and Windows Server 2008 R2 June 2018 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4284867 or cumulative update 4284826. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8224)

- An elevation of privilege vulnerability exists when the Human Interface Device (HID) Parser Library driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8169)

- A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2018-8251)

- A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. (CVE-2018-8225)

- A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-8205)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0978, CVE-2018-8249)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2018-8267)

- A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing. An attacker who successfully exploited the vulnerability could cause a system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. An attacker could host a specially crafted file in a website or SMB share.
The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. The security update addresses the vulnerability by modifying how the Code Integrity Module performs hashing.
(CVE-2018-1040)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8207)

- An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-1036)
See Also
Solution
Apply Security Only update KB4284867 or Cumulative Update KB4284826.
Risk Factor
High
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.1 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.5518
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 104356
BID 104360
BID 104363
BID 104364
BID 104379
BID 104381
BID 104389
BID 104391
BID 104395
BID 104398
BID 104404
CVE CVE-2018-0978
CVE CVE-2018-1036
CVE CVE-2018-1040
CVE CVE-2018-8169
CVE CVE-2018-8205
CVE CVE-2018-8207
CVE CVE-2018-8224
CVE CVE-2018-8225
CVE CVE-2018-8249
CVE CVE-2018-8251
CVE CVE-2018-8267
MSKB 4284826
MSKB 4284867
XREF MSFT:MS18-4284826
XREF MSFT:MS18-4284867
Plugin Information
Published: 2018/06/12, Modified: 2025/04/01
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4284826
- 4284867

- C:\Windows\system32\advapi32.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.24150
110982 - KB4338823: Windows 7 and Windows Server 2008 R2 July 2018 Security Update
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4338823 or cumulative update 4338818. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. (CVE-2018-8202)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2018-8242, CVE-2018-8296)

- A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could cause a system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. (CVE-2018-8304)

- A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-8309)

- An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2018-8282)

- A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-8206)

- A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources. An attacker who successfully exploited the vulnerability could force the browser to load data that would otherwise be restricted.
(CVE-2018-0949)

- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8308)

- A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects. An attacker who successfully exploited the vulnerability could bypass content blocking. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince a user to open the document file. The security update addresses the vulnerability by correcting how Microsoft WordPad handles input. (CVE-2018-8307)

- A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2018-8260)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2018-8287, CVE-2018-8288, CVE-2018-8291)

- A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
(CVE-2018-8284)

- An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution. However, the vulnerability could allow arbitrary code to run if an attacker uses it in combination with another vulnerability, such as a remote code execution vulnerability or another elevation of privilege vulnerability, that can leverage the elevated privileges when code execution is attempted. The security update addresses the vulnerability by correcting how Windows file picker handles paths. (CVE-2018-8314)

- A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates. An attacker could present expired certificates when challenged. The security update addresses the vulnerability by ensuring that .NET Framework components correctly validate certificates.
(CVE-2018-8356)
See Also
Solution
Apply Security Only update KB4338823 or Cumulative Update KB4338818.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.8328
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 104617
BID 104620
BID 104622
BID 104629
BID 104631
BID 104634
BID 104636
BID 104637
BID 104638
BID 104648
BID 104652
BID 104664
BID 104665
BID 104666
BID 104667
BID 104668
BID 104669
CVE CVE-2018-0949
CVE CVE-2018-8202
CVE CVE-2018-8206
CVE CVE-2018-8242
CVE CVE-2018-8260
CVE CVE-2018-8282
CVE CVE-2018-8284
CVE CVE-2018-8287
CVE CVE-2018-8288
CVE CVE-2018-8291
CVE CVE-2018-8296
CVE CVE-2018-8304
CVE CVE-2018-8307
CVE CVE-2018-8308
CVE CVE-2018-8309
CVE CVE-2018-8314
CVE CVE-2018-8356
MSKB 4338823
MSKB 4338818
XREF MSFT:MS18-4338823
XREF MSFT:MS18-4338818
Plugin Information
Published: 2018/07/10, Modified: 2024/09/05
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4338823
- 4338818

- C:\Windows\system32\advapi32.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.24168
111689 - KB4343899: Windows 7 and Windows Server 2008 R2 August 2018 Security Update (Foreshadow)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4343899 or cumulative update 4343900. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8403)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8341, CVE-2018-8348)

- An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it. (CVE-2018-8342, CVE-2018-8343)

- A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2018-8316)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2018-8394, CVE-2018-8396, CVE-2018-8398)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2018-8355, CVE-2018-8372, CVE-2018-8385)

- A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2018-8345, CVE-2018-8346)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2018-8353, CVE-2018-8371, CVE-2018-8373, CVE-2018-8389)

- A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8397)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8404)

- A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
(CVE-2018-8349)

- An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2018-8339)

- An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments. The vulnerability is caused when .NET Framework is used in high-load/high-density network connections where content from one stream can blend into another stream.
(CVE-2018-8360)

- An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction. An attacker who successfully exploited this vulnerability could allow an attacker to obtain browser frame or window state from a different domain. For an attack to be successful, an attacker must persuade a user to open a malicious website from a secure website.
This update addresses the vulnerability by denying permission to read the state of the object model, to which frames or windows on different domains should not have access. (CVE-2018-8351)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8344)
See Also
Solution
Apply Security Only update KB4343899 or Cumulative Update KB4343900 as well as refer to the KB article for additional information.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.8242
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 104975
BID 104978
BID 104982
BID 104983
BID 104984
BID 104986
BID 104987
BID 104992
BID 104994
BID 104995
BID 104999
BID 105001
BID 105002
BID 105027
BID 105028
BID 105030
CVE CVE-2018-3615
CVE CVE-2018-3620
CVE CVE-2018-3646
CVE CVE-2018-3665
CVE CVE-2018-8316
CVE CVE-2018-8339
CVE CVE-2018-8341
CVE CVE-2018-8342
CVE CVE-2018-8343
CVE CVE-2018-8344
CVE CVE-2018-8345
CVE CVE-2018-8346
CVE CVE-2018-8348
CVE CVE-2018-8349
CVE CVE-2018-8351
CVE CVE-2018-8353
CVE CVE-2018-8355
CVE CVE-2018-8360
CVE CVE-2018-8371
CVE CVE-2018-8372
CVE CVE-2018-8373
CVE CVE-2018-8385
CVE CVE-2018-8389
CVE CVE-2018-8394
CVE CVE-2018-8396
CVE CVE-2018-8397
CVE CVE-2018-8398
CVE CVE-2018-8403
CVE CVE-2018-8404
MSKB 4343899
MSKB 4343900
XREF MSFT:MS18-4343899
XREF MSFT:MS18-4343900
XREF CISA-KNOWN-EXPLOITED:2022/04/15
Exploitable With
Core Impact (true)
Plugin Information
Published: 2018/08/14, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4343899
- 4343900

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24214
118001 - KB4462915: Windows 7 and Windows Server 2008 R2 October 2018 Security Update
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4462915 or cumulative update 4462923. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-8460, CVE-2018-8491)

- A security feature bypass vulnerability exists in DNS Global Blocklist feature. An attacker who successfully exploited this vulnerability could redirect traffic to malicious DNS endpoints. The update addresses the vulnerability by updating DNS Server Role record additions to not bypass the Global Query Blocklist.
(CVE-2018-8320)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2018-8330)

- A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2018-8432)

- An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.
(CVE-2018-8486)

- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2018-8472)

- A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-8489)

- An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2018-8411)

- A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system. (CVE-2018-8494)

- An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. (CVE-2018-8481, CVE-2018-8482)

- A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
(CVE-2018-8413)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8453)

- A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-8423)

- An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8333)
See Also
Solution
Apply Security Only update KB4462915 or Cumulative Update KB4462923.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.7816
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 105477
CVE CVE-2018-8320
CVE CVE-2018-8330
CVE CVE-2018-8333
CVE CVE-2018-8411
CVE CVE-2018-8413
CVE CVE-2018-8423
CVE CVE-2018-8432
CVE CVE-2018-8453
CVE CVE-2018-8460
CVE CVE-2018-8472
CVE CVE-2018-8481
CVE CVE-2018-8482
CVE CVE-2018-8486
CVE CVE-2018-8489
CVE CVE-2018-8491
CVE CVE-2018-8494
MSKB 4462915
MSKB 4462923
XREF MSFT:MS18-4462915
XREF MSFT:MS18-4462923
XREF CISA-KNOWN-EXPLOITED:2022/07/21
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2018/10/09, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4462915
- 4462923

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24260
121017 - KB4480960: Windows 7 and Windows Server 2008 R2 January 2019 Security Update
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4480960 or cumulative update 4480970. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2019-0569)

- An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application. The security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass. (CVE-2019-0545)

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584)

- A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2019-0541)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554)

- An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way Windows handles authentication requests. (CVE-2019-0543)
See Also
Solution
Apply Security Only update KB4480960 or Cumulative Update KB4480970.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.8094
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
CVE CVE-2018-3639
CVE CVE-2019-0536
CVE CVE-2019-0538
CVE CVE-2019-0541
CVE CVE-2019-0543
CVE CVE-2019-0545
CVE CVE-2019-0549
CVE CVE-2019-0554
CVE CVE-2019-0569
CVE CVE-2019-0575
CVE CVE-2019-0576
CVE CVE-2019-0577
CVE CVE-2019-0578
CVE CVE-2019-0579
CVE CVE-2019-0580
CVE CVE-2019-0581
CVE CVE-2019-0582
CVE CVE-2019-0583
CVE CVE-2019-0584
MSKB 4480960
MSKB 4480970
XREF MSFT:MS19-4480960
XREF MSFT:MS19-4480970
XREF CISA-KNOWN-EXPLOITED:2022/05/03
XREF CISA-KNOWN-EXPLOITED:2022/04/05
Exploitable With
Core Impact (true)
Plugin Information
Published: 2019/01/08, Modified: 2026/01/09
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4480960
- 4480970

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24335
122782 - KB4489885: Windows 7 and Windows Server 2008 R2 March 2019 Security Update
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4489885 or cumulative update 4489878. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest. (CVE-2019-0683)

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0617)

- A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended.
(CVE-2019-0761)

- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0780)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2019-0609)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)

- An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. (CVE-2019-0703, CVE-2019-0704, CVE-2019-0821)

- An information disclosure vulnerability exists when the Windows Print Spooler does not properly handle objects in memory. An attacker who successfully exploited this vulnerability could use the information to further exploit the victim system. (CVE-2019-0759)

- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-0782)

- A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Site cookie restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. (CVE-2019-0762)

- A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0690)

- A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-0754)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0680, CVE-2019-0783)

- A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0784)

- A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. (CVE-2019-0603)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0614, CVE-2019-0774)

- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2019-0767)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0763)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0808)

- A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0746)

- A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system. (CVE-2019-0756)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0665, CVE-2019-0666, CVE-2019-0667, CVE-2019-0772)

- A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0765)
Solution
Apply Security Only update KB4489885 or Cumulative Update KB4489878.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.7424
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
CVE CVE-2019-0603
CVE CVE-2019-0609
CVE CVE-2019-0614
CVE CVE-2019-0617
CVE CVE-2019-0665
CVE CVE-2019-0666
CVE CVE-2019-0667
CVE CVE-2019-0680
CVE CVE-2019-0683
CVE CVE-2019-0690
CVE CVE-2019-0702
CVE CVE-2019-0703
CVE CVE-2019-0704
CVE CVE-2019-0746
CVE CVE-2019-0754
CVE CVE-2019-0755
CVE CVE-2019-0756
CVE CVE-2019-0759
CVE CVE-2019-0761
CVE CVE-2019-0762
CVE CVE-2019-0763
CVE CVE-2019-0765
CVE CVE-2019-0767
CVE CVE-2019-0772
CVE CVE-2019-0774
CVE CVE-2019-0775
CVE CVE-2019-0780
CVE CVE-2019-0782
CVE CVE-2019-0783
CVE CVE-2019-0784
CVE CVE-2019-0808
CVE CVE-2019-0821
MSKB 4489885
MSKB 4489878
XREF MSFT:MS19-4489885
XREF MSFT:MS19-4489878
XREF CISA-KNOWN-EXPLOITED:2022/05/03
XREF CISA-KNOWN-EXPLOITED:2022/06/13
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2019/03/12, Modified: 2023/04/25
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4489885
- 4489878

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24387

123945 - KB4493448: Windows 7 and Windows Server 2008 R2 April 2019 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4493448 or cumulative update 4493472. It is, therefore, affected by multiple vulnerabilities :

- A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. (CVE-2019-0732)

- An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user's system. (CVE-2019-0839)

- A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2019-0856)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0842)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0803, CVE-2019-0859)

- A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system. (CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879)

- An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0802, CVE-2019-0849)

- An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0838)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2019-0835)

- An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could set the short name of a file with a long name to an arbitrary short name, overriding the file system with limited privileges. (CVE-2019-0796)

- An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2019-0848)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-0844)

- An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0735)

- A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system. (CVE-2019-0794)

- A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system. (CVE-2019-0845)

- A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions. An attacker who exploited the vulnerability could pass custom command line parameters. (CVE-2019-0764)

- A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0853)
Solution
Apply Security Only update KB4493448 or Cumulative Update KB4493472.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.9204
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
CVE CVE-2019-0730
CVE CVE-2019-0731
CVE CVE-2019-0732
CVE CVE-2019-0735
CVE CVE-2019-0752
CVE CVE-2019-0753
CVE CVE-2019-0764
CVE CVE-2019-0791
CVE CVE-2019-0792
CVE CVE-2019-0793
CVE CVE-2019-0794
CVE CVE-2019-0795
CVE CVE-2019-0796
CVE CVE-2019-0802
CVE CVE-2019-0803
CVE CVE-2019-0805
CVE CVE-2019-0835
CVE CVE-2019-0836
CVE CVE-2019-0838
CVE CVE-2019-0839
CVE CVE-2019-0842
CVE CVE-2019-0844
CVE CVE-2019-0845
CVE CVE-2019-0846
CVE CVE-2019-0847
CVE CVE-2019-0848
CVE CVE-2019-0849
CVE CVE-2019-0851
CVE CVE-2019-0853
CVE CVE-2019-0856
CVE CVE-2019-0859
CVE CVE-2019-0862
CVE CVE-2019-0877
CVE CVE-2019-0879
MSKB 4493472
MSKB 4493448
XREF MSFT:MS19-4493472
XREF MSFT:MS19-4493448
XREF CISA-KNOWN-EXPLOITED:2022/05/03
XREF CISA-KNOWN-EXPLOITED:2022/08/15
XREF CEA-ID:CEA-2020-0129
Exploitable With
CANVAS (true) Core Impact (true)
Plugin Information
Published: 2019/04/09, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4493448
- 4493472

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24408

125824 - KB4503269: Windows 7 and Windows Server 2008 R2 June 2019 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4503269 or cumulative update 4503292. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. (CVE-2019-0948)

- A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1019)

- A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. (CVE-2019-1040)

- A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1043)

- An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2019-0973)

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049)

- A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0722)

- An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0943)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080)

- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1038)

- A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-0713)

- An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-1081)

- An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1028)

- A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1025)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0988)

- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2019-1039)

- This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2019-0972)

- An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1045)

- A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. (CVE-2019-0985)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0960, CVE-2019-1014, CVE-2019-1017)

- An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox. (CVE-2019-1053)

- A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user's privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory. (CVE-2019-0888)

- An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-0984)

- A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. (CVE-2019-0941)

- An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-0986)
Solution
Apply Security Only update KB4503269 or Cumulative Update KB4503292.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.8968
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 108570
BID 108577
BID 108581
BID 108582
BID 108583
BID 108584
BID 108585
BID 108586
BID 108591
BID 108594
BID 108597
BID 108599
BID 108600
BID 108603
BID 108604
BID 108606
BID 108609
BID 108612
BID 108613
BID 108614
BID 108616
BID 108620
BID 108623
BID 108624
BID 108626
BID 108627
BID 108631
BID 108633
BID 108634
BID 108635
BID 108636
BID 108639
BID 108641
BID 108642
BID 108643
BID 108644
BID 108646
BID 108648
BID 108650
BID 108651
BID 108654
BID 108655
BID 108656
BID 108666
BID 108667
BID 108668
BID 108669
BID 108708
BID 108709
CVE CVE-2019-0713
CVE CVE-2019-0722
CVE CVE-2019-0888
CVE CVE-2019-0904
CVE CVE-2019-0905
CVE CVE-2019-0906
CVE CVE-2019-0907
CVE CVE-2019-0908
CVE CVE-2019-0909
CVE CVE-2019-0920
CVE CVE-2019-0941
CVE CVE-2019-0943
CVE CVE-2019-0948
CVE CVE-2019-0960
CVE CVE-2019-0968
CVE CVE-2019-0972
CVE CVE-2019-0973
CVE CVE-2019-0974
CVE CVE-2019-0977
CVE CVE-2019-0984
CVE CVE-2019-0985
CVE CVE-2019-0986
CVE CVE-2019-0988
CVE CVE-2019-1005
CVE CVE-2019-1009
CVE CVE-2019-1010
CVE CVE-2019-1011
CVE CVE-2019-1012
CVE CVE-2019-1013
CVE CVE-2019-1014
CVE CVE-2019-1015
CVE CVE-2019-1016
CVE CVE-2019-1017
CVE CVE-2019-1019
CVE CVE-2019-1025
CVE CVE-2019-1028
CVE CVE-2019-1038
CVE CVE-2019-1039
CVE CVE-2019-1040
CVE CVE-2019-1043
CVE CVE-2019-1045
CVE CVE-2019-1046
CVE CVE-2019-1047
CVE CVE-2019-1048
CVE CVE-2019-1049
CVE CVE-2019-1053
CVE CVE-2019-1055
CVE CVE-2019-1080
CVE CVE-2019-1081
MSKB 4503269
MSKB 4503292
XREF MSFT:MS19-4503269
XREF MSFT:MS19-4503292
XREF CEA-ID:CEA-2020-0129
XREF CEA-ID:CEA-2019-0430
Plugin Information
Published: 2019/06/11, Modified: 2025/05/21
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4503292
- 4503269

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24475

126571 - KB4507456: Windows 7 and Windows Server 2008 R2 July 2019 Security Update (SWAPGS)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4507456 or cumulative update 4507449. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services, when an authenticated attacker abuses clipboard redirection. An attacker who successfully exploited this vulnerability could execute arbitrary code on the victim system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0887)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1063)

- An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1085)

- A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1102)

- A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET web application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET application. The update addresses the vulnerability by correcting how the .NET web application handles web requests. (CVE-2019-1083)

- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1104)

- An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2019-1093, CVE-2019-1097)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116)

- A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1113)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2019-1071)

- An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-1108)

- An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys. This vulnerability allows an attacker to impersonate another user, which can lead to elevation of privileges. The vulnerability exists in WCF, WIF 3.5 and above in .NET Framework, WIF 1.0 component in Windows, WIF Nuget package, and WIF implementation in SharePoint. An unauthenticated attacker can exploit this by signing a SAML token with any arbitrary symmetric key. This security update addresses the issue by ensuring all versions of WCF and WIF validate the key used to sign SAML tokens correctly. (CVE-2019-1006)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-1073)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1132)

- An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1088)

- An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request. (CVE-2019-1089)

- An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2019-1096)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1004, CVE-2019-1056, CVE-2019-1059)

- An elevation of privilege vulnerability exists in Microsoft Windows where a certain dll, with Local Service privilege, is vulnerable to race planting a customized dll. An attacker who successfully exploited this vulnerability could potentially elevate privilege to SYSTEM. The update addresses this vulnerability by requiring system privileges for a certain DLL. (CVE-2019-1082)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1001)

- An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. (CVE-2019-1125)
See Also
Solution
Apply Security Only update KB4507456 or Cumulative Update KB4507449.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.5519
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2019/07/09, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4507449
- 4507456

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24499
131934 - KB4530692: Windows 7 and Windows Server 2008 R2 December 2019 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4530692 or cumulative update 4530734. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. (CVE-2019-1484)

- A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2019-1453)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-1474)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1468)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)

- An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2019-1469)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1458)

- An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1470)

- A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers. An attacker could exploit the vulnerability to trigger warnings and false positives when no threat is present. (CVE-2019-1488)

- An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1478)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1485)
See Also
Solution
Apply Security Only update KB4530692 or Cumulative Update KB4530734.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.922
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2019-1453
CVE CVE-2019-1458
CVE CVE-2019-1465
CVE CVE-2019-1466
CVE CVE-2019-1467
CVE CVE-2019-1468
CVE CVE-2019-1469
CVE CVE-2019-1470
CVE CVE-2019-1474
CVE CVE-2019-1478
CVE CVE-2019-1484
CVE CVE-2019-1485
CVE CVE-2019-1488
MSKB 4530692
MSKB 4530734
XREF IAVA:2019-A-0450
XREF CISA-KNOWN-EXPLOITED:2022/07/10
XREF MSFT:MS19-4530692
XREF MSFT:MS19-4530734
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2019/12/10, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4530734
- 4530692

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24540
134864 - KB4537813: Windows 7 and Windows Server 2008 R2 February 2020 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4537813 or cumulative update 4537820. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0681, CVE-2020-0734)

- A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-0738)

- An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2020-0658)

- An elevation of privilege vulnerability exists in the way that the tapisrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0737)

- An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0668)

- An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory. (CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756)

- An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0691)

- An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0680, CVE-2020-0682)

- An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest. (CVE-2020-0665)

- An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2020-0753, CVE-2020-0754)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2020-0736)

- A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. (CVE-2020-0662)

- An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files. (CVE-2020-0683, CVE-2020-0686)

- An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-0703)

- A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-0729)

- An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0657)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731)

- An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-0730)

- An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. (CVE-2020-0705)

- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0744)

- A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an authenticated attacker abuses clipboard redirection. An attacker who successfully exploited this vulnerability could execute arbitrary code on the victim system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0655)

- An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. (CVE-2020-0678)

- An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0666, CVE-2020-0667, CVE-2020-0735, CVE-2020-0752)

- An information disclosure vulnerability exists when the Telephony Service improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user's system. (CVE-2020-0698)

- An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0715, CVE-2020-0745)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0673, CVE-2020-0674)

- A remote code execution vulnerability exists when the Windows Imaging Library improperly handles memory. (CVE-2020-0708)
See Also
Solution
Apply Security Only update KB4537813 or Cumulative Update KB4537820.

Please Note: These updates are only available through Microsoft's Extended Support Updates program.
This operating system is otherwise unsupported.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.9364
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2020/03/24, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4537820
- 4537813

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24548
134865 - KB4541500: Windows 7 and Windows Server 2008 R2 March 2020 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4541500 or cumulative update 4540688. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0824)

- An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2020-0814, CVE-2020-0842, CVE-2020-0843)

- An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. (CVE-2020-0787)

- An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. (CVE-2020-0871)

- A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients. (CVE-2020-0645)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0788, CVE-2020-0877, CVE-2020-0887)

- An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845)

- An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. (CVE-2020-0844)

- A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-0684)

- An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-0785)

- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0874, CVE-2020-0879)

- An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2020-0806)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0774, CVE-2020-0880, CVE-2020-0882)

- A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0881, CVE-2020-0883)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0885)

- An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory. (CVE-2020-0772)

- An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0781, CVE-2020-0783)

- An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. (CVE-2020-0849)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0832, CVE-2020-0833)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0768, CVE-2020-0830)

- An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files. (CVE-2020-0779)

- An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0791)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0847)

- An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. (CVE-2020-0769, CVE-2020-0771)

- An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-0853)

- An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Language Pack Installer handles file operations. (CVE-2020-0822)

- An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-0770, CVE-2020-0773, CVE-2020-0860)
See Also
Solution
Apply Security Only update KB4541500 or Cumulative Update KB4540688.

Please Note: These updates are only available through Microsoft's Extended Support Updates program.
This operating system is otherwise unsupported.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.5828
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2020/03/24, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4540688
- 4541500

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24549
135472 - KB4550965: Windows 7 and Windows Server 2008 R2 April 2020 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4550965 or cumulative update 4550964. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0962)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0968)

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008)

- A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. (CVE-2020-0965)

- An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1009)

- A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles Type1 fonts. (CVE-2020-0938, CVE-2020-1020)

- An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-0946)

- An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1027)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-0821, CVE-2020-1007)

- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1000)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0687)

- A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0964)

- An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1094)

- An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2020-1014)

- A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-0907)

- An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1004)

- An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1015)

- An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0982, CVE-2020-0987, CVE-2020-1005)

- An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2020-0956, CVE-2020-0957, CVE-2020-0958)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0895, CVE-2020-0966, CVE-2020-0967)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-0952)

- A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.
(CVE-2020-0993)

- An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. (CVE-2020-0955)
Solution
Apply Security Only update KB4550965 or Cumulative Update KB4550964.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.8957
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-0687
CVE CVE-2020-0821
CVE CVE-2020-0889
CVE CVE-2020-0895
CVE CVE-2020-0907
CVE CVE-2020-0938
CVE CVE-2020-0946
CVE CVE-2020-0952
CVE CVE-2020-0953
CVE CVE-2020-0955
CVE CVE-2020-0956
CVE CVE-2020-0957
CVE CVE-2020-0958
CVE CVE-2020-0959
CVE CVE-2020-0960
CVE CVE-2020-0962
CVE CVE-2020-0964
CVE CVE-2020-0965
CVE CVE-2020-0966
CVE CVE-2020-0967
CVE CVE-2020-0968
CVE CVE-2020-0982
CVE CVE-2020-0987
CVE CVE-2020-0988
CVE CVE-2020-0992
CVE CVE-2020-0993
CVE CVE-2020-0994
CVE CVE-2020-0995
CVE CVE-2020-0999
CVE CVE-2020-1000
CVE CVE-2020-1004
CVE CVE-2020-1005
CVE CVE-2020-1007
CVE CVE-2020-1008
CVE CVE-2020-1009
CVE CVE-2020-1014
CVE CVE-2020-1015
CVE CVE-2020-1020
CVE CVE-2020-1027
CVE CVE-2020-1094
MSKB 4550964
MSKB 4550965
XREF IAVA:2020-A-0139-S
XREF CISA-KNOWN-EXPLOITED:2022/05/03
XREF CISA-KNOWN-EXPLOITED:2022/06/13
XREF MSFT:MS20-4550964
XREF MSFT:MS20-4550965
XREF CEA-ID:CEA-2020-0031
Plugin Information
Published: 2020/04/14, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4550964
- 4550965

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24552

137260 - KB4561669: Windows 7 and Windows Server 2008 R2 June 2020 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4561669 or cumulative update 4561643. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
(CVE-2020-1270)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1348)

- A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. (CVE-2020-1281)

- An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content. An attacker who successfully exploited this vulnerability could upload restricted file types to an IIS-hosted folder. (CVE-2020-1255)

- An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1291)

- An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2020-1302)

- An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1271)

- An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server fails to properly handle messages sent from TSF clients.
An attacker who successfully exploited this vulnerability could run arbitrary code in a privileged process. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1314)

- An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-1272)

- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-1315)

- A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1299)

- A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files. (CVE-2020-1300)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260)

- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1219)

- A denial of service vulnerability exists when Windows Registry improperly handles filesystem operations. An attacker who successfully exploited the vulnerability could cause a denial of service against a system.
(CVE-2020-1194)

- An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1263)

- An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-1160)

- An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1287)

- A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.
(CVE-2020-1301)

- A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1239)

- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1246, CVE-2020-1262)

- An elevation of privilege vulnerability exists when an OLE Automation component improperly handles memory.
(CVE-2020-1212)

- An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1317)

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1208, CVE-2020-1236)

- An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects in memory.
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
(CVE-2020-1196)

- An elevation of privilege vulnerability exists when Windows Modules Installer Service improperly handles class object members. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerability by correcting how Windows handles calls to preclude unintended elevation. (CVE-2020-1254)

- An elevation of privilege vulnerability exists when Component Object Model (COM) client uses special case IIDs. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1311)

- A spoofing vulnerability exists when Microsoft Edge (Chromium-based) in IE Mode improperly handles specific redirects. An attacker who successfully exploits the IE Mode vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. (CVE-2020-1220)

- An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1253)
Solution
Apply Security Only update KB4561669 or Cumulative Update KB4561643.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.6162
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2020/06/09, Modified: 2022/12/05
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4561643
- 4561669

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24556

138460 - KB4565539: Windows 7 and Windows Server 2008 R2 July 2020 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4565539 or cumulative update 4565524. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1409)

- An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.
(CVE-2020-1360)

- A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1403)

- A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2020-1374)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability: (CVE-2020-1436)

- An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.
(CVE-2020-1354, CVE-2020-1430)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1468)

- An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.
(CVE-2020-1365, CVE-2020-1371)

- An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. (CVE-2020-1437)

- An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
There are multiple ways an attacker could exploit this vulnerability: (CVE-2020-1397)

- A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. (CVE-2020-1410)

- An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2020-1351)

- An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions. (CVE-2020-1333)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1408)

- An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.
(CVE-2020-1346)

- An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2020-1396)

- An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be exploited, a user must click a specially crafted URL that prompts the Skype app.
(CVE-2020-1432)

- An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. (CVE-2020-1402)

- A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)

- An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1359, CVE-2020-1384)

- An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438)

- An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1085)

- A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1412)

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407)

- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1389, CVE-2020-1419)

- This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2020-1267)

- A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1435)

- A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2020-1421)
Solution
Apply Security Only update KB4565539 or Cumulative Update KB4565524.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.9343
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2020/07/14, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4565524
- 4565539

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24557

139491 - KB4571719: Windows 7 and Windows Server 2008 R2 August 2020 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4571719 or cumulative update 4571729. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. (CVE-2020-1339)

- An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
(CVE-2020-1475)

- An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2020-1577)

- An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1383)

- A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. (CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1554)

- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1486)

- An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.
(CVE-2020-1470, CVE-2020-1484, CVE-2020-1516)

- An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.
(CVE-2020-1489, CVE-2020-1513)

- An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.
(CVE-2020-1467)

- A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. (CVE-2020-1520)

- An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.
(CVE-2020-1519, CVE-2020-1538)

- An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. (CVE-2020-1552)

- An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.
(CVE-2020-1515)

- An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. (CVE-2020-1517, CVE-2020-1518)

- An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
(CVE-2020-1584)

- An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.
(CVE-2020-1530)

- An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.
(CVE-2020-1537)

- An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-1534)

- An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. (CVE-2020-1472)

- An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.
(CVE-2020-1377, CVE-2020-1378)

- An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1337)

- An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-1474, CVE-2020-1485)

- An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. (CVE-2020-1587)

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564)

- A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)

- A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. (CVE-2020-1567)

- An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1529)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-1380, CVE-2020-1570)

- An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-1579)

- An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)

- A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-1562)

- A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.
(CVE-2020-1464)
See Also
Solution
Apply Security Only update KB4571719 or Cumulative Update KB4571729.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
10.0
EPSS Score
0.9438
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-1046
CVE CVE-2020-1337
CVE CVE-2020-1339
CVE CVE-2020-1377
CVE CVE-2020-1378
CVE CVE-2020-1379
CVE CVE-2020-1380
CVE CVE-2020-1383
CVE CVE-2020-1464
CVE CVE-2020-1467
CVE CVE-2020-1470
CVE CVE-2020-1472
CVE CVE-2020-1473
CVE CVE-2020-1474
CVE CVE-2020-1475
CVE CVE-2020-1476
CVE CVE-2020-1477
CVE CVE-2020-1478
CVE CVE-2020-1484
CVE CVE-2020-1485
CVE CVE-2020-1486
CVE CVE-2020-1489
CVE CVE-2020-1513
CVE CVE-2020-1515
CVE CVE-2020-1516
CVE CVE-2020-1517
CVE CVE-2020-1518
CVE CVE-2020-1519
CVE CVE-2020-1520
CVE CVE-2020-1529
CVE CVE-2020-1530
CVE CVE-2020-1534
CVE CVE-2020-1537
CVE CVE-2020-1538
CVE CVE-2020-1552
CVE CVE-2020-1554
CVE CVE-2020-1557
CVE CVE-2020-1558
CVE CVE-2020-1562
CVE CVE-2020-1564
CVE CVE-2020-1567
CVE CVE-2020-1570
CVE CVE-2020-1577
CVE CVE-2020-1579
CVE CVE-2020-1584
CVE CVE-2020-1587
MSKB 4571719
MSKB 4571729
XREF IAVA:0001-A-0647
XREF IAVA:2020-A-0367-S
XREF IAVA:2020-A-0438-S
XREF IAVA:2021-A-0429-S
XREF IAVA:2021-A-0431-S
XREF CISA-KNOWN-EXPLOITED:2022/05/03
XREF MSFT:MS20-4571719
XREF MSFT:MS20-4571729
XREF CISA-NCAS:AA22-011A
XREF CEA-ID:CEA-2020-0129
XREF CEA-ID:CEA-2020-0101
XREF CEA-ID:CEA-2021-0025
XREF CEA-ID:CEA-2021-0008
XREF CEA-ID:CEA-2020-0121
XREF CEA-ID:CEA-2023-0016
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2020/08/11, Modified: 2025/12/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4571729
- 4571719

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24559
140422 - KB4577053: Windows 7 and Windows Server 2008 R2 September 2020 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4577053 or cumulative update 4577051. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory. (CVE-2020-0648)

- An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1030)

- A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. (CVE-2020-0836, CVE-2020-1228)

- An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0921, CVE-2020-1083)

- A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account (CVE-2020-0718, CVE-2020-0761)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1245)

- A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Decoder handles objects. (CVE-2020-1508, CVE-2020-1593)

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-1039, CVE-2020-1074)

- An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-1250)

- An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1052)

- An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. (CVE-2020-0912)

- An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1598)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-1589)

- A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-1285)

- A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2020-1038)

- A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls. (CVE-2020-0790)

- An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog. (CVE-2020-0782)

- A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. (CVE-2020-1319)

- An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory. (CVE-2020-1031)

- A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-0922)

- An information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a user's encrypted transmission channel. (CVE-2020-1596)

- An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1376)

- An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Modules Installer handles objects in memory. (CVE-2020-0911)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1256)

- An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-1115)

- A remote code execution vulnerability exists when Windows improperly handles objects in memory. (CVE-2020-1252)

- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0878)

- An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the vulnerability: (CVE-2020-1012)

- An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine. (CVE-2020-1013)

- An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-1491)

- An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2020-1091, CVE-2020-1097)

- An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0838)

- An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system. (CVE-2020-0664, CVE-2020-0856)

- An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. (CVE-2020-1559)
See Also
Solution
Apply Security Only update KB4577053 or Cumulative Update KB4577051.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.3217
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-0648
CVE CVE-2020-0664
CVE CVE-2020-0718
CVE CVE-2020-0761
CVE CVE-2020-0782
CVE CVE-2020-0790
CVE CVE-2020-0836
CVE CVE-2020-0838
CVE CVE-2020-0856
CVE CVE-2020-0878
CVE CVE-2020-0911
CVE CVE-2020-0912
CVE CVE-2020-0921
CVE CVE-2020-0922
CVE CVE-2020-1012
CVE CVE-2020-1013
CVE CVE-2020-1030
CVE CVE-2020-1031
CVE CVE-2020-1038
CVE CVE-2020-1039
CVE CVE-2020-1052
CVE CVE-2020-1074
CVE CVE-2020-1083
CVE CVE-2020-1091
CVE CVE-2020-1097
CVE CVE-2020-1115
CVE CVE-2020-1228
CVE CVE-2020-1245
CVE CVE-2020-1250
CVE CVE-2020-1252
CVE CVE-2020-1256
CVE CVE-2020-1285
CVE CVE-2020-1319
CVE CVE-2020-1376
CVE CVE-2020-1491
CVE CVE-2020-1508
CVE CVE-2020-1559
CVE CVE-2020-1589
CVE CVE-2020-1593
CVE CVE-2020-1596
CVE CVE-2020-1598
MSKB 4577051
MSKB 4577053
XREF MSFT:MS20-4577051
XREF MSFT:MS20-4577053
XREF IAVA:2020-A-0408-S
XREF IAVA:2020-A-0423-S
XREF CISA-KNOWN-EXPLOITED:2022/05/03
XREF CEA-ID:CEA-2020-0118
Exploitable With
Core Impact (true)
Plugin Information
Published: 2020/09/08, Modified: 2024/11/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4577051
- 4577053

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24560
141431 - KB4580387: Windows 7 and Windows Server 2008 R2 October 2020 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4580387 or cumulative update 4580345. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. (CVE-2020-16920)

- A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the Remote Desktop Service on the target system to stop responding. (CVE-2020-16863)

- An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-16887)

- An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2020-16940)

- A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. (CVE-2020-16923)

- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.
(CVE-2020-16914)

- An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2020-16902)

- An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. (CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976)

- An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2020-16916, CVE-2020-16935)

- An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory. (CVE-2020-16937)

- An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-16889)

- A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.
(CVE-2020-16922)

- An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-16939)

- An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. (CVE-2020-16900)

- A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2020-16924)

- A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2020-16891)

- An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2020-16897)
See Also
Solution
Apply Security Only update KB4580387 or Cumulative Update KB4580345.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2221
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2020/10/13, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4580345
- 4580387

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24561
143572 - KB4592503: Windows 7 and Windows Server 2008 R2 December 2020 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4592503 or cumulative update 4592471. It is, therefore, affected by multiple vulnerabilities:

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2020-17098, CVE-2020-17140)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964)
See Also
Solution
Apply Security Only update KB4592503 or Cumulative Update KB4592471.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.1971
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-16958
CVE CVE-2020-16959
CVE CVE-2020-16960
CVE CVE-2020-16961
CVE CVE-2020-16962
CVE CVE-2020-16963
CVE CVE-2020-16964
CVE CVE-2020-17098
CVE CVE-2020-17140
MSKB 4592471
MSKB 4592503
XREF MSFT:MS20-4592471
XREF MSFT:MS20-4592503
XREF IAVA:2020-A-0561-S
XREF IAVA:2020-A-0562-S
Plugin Information
Published: 2020/12/08, Modified: 2025/08/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4592471
- 4592503

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24563
147231 - KB5000851: Windows 7 and Windows Server 2008 R2 March 2021 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5000851 or cumulative update 5000841. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26861, CVE-2021-26877, CVE-2021-26881, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-24107, CVE-2021-26869)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-1640, CVE-2021-26862, CVE-2021-26872, CVE-2021-26873, CVE-2021-26875, CVE-2021-26878, CVE-2021-26882, CVE-2021-26898, CVE-2021-26899, CVE-2021-26901, CVE-2021-27077)

- A memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application. (CVE-2021-26411)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26896, CVE-2021-27063)
See Also
Solution
Apply Security Only update KB5000851 or Cumulative Update KB5000841.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.9247
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-1640
CVE CVE-2021-24107
CVE CVE-2021-26411
CVE CVE-2021-26861
CVE CVE-2021-26862
CVE CVE-2021-26869
CVE CVE-2021-26872
CVE CVE-2021-26873
CVE CVE-2021-26875
CVE CVE-2021-26877
CVE CVE-2021-26878
CVE CVE-2021-26881
CVE CVE-2021-26882
CVE CVE-2021-26893
CVE CVE-2021-26894
CVE CVE-2021-26895
CVE CVE-2021-26896
CVE CVE-2021-26897
CVE CVE-2021-26898
CVE CVE-2021-26899
CVE CVE-2021-26901
CVE CVE-2021-27063
CVE CVE-2021-27077
MSKB 5000841
MSKB 5000851
XREF MSFT:MS21-5000841
XREF MSFT:MS21-5000851
XREF IAVA:2021-A-0130-S
XREF IAVA:2021-A-0134-S
XREF CISA-KNOWN-EXPLOITED:2021/11/17
XREF CEA-ID:CEA-2021-0015
Exploitable With
CANVAS (true)
Plugin Information
Published: 2021/03/09, Modified: 2025/10/31
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5000841
- 5000851

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24566
148466 - KB5001335: Windows 7 and Windows Server 2008 R2 Security Update (Apr 2021)
Synopsis
The remote host is missing one or more security updates.
Description
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

- Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)

- RPC Endpoint Mapper Service Elevation of Privilege Vulnerability (CVE-2021-27091)

- Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)

- Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)

- NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)

- Windows Installer Spoofing Vulnerability (CVE-2021-26413)

- Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)

- Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)

- Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)

- Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)

- Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434)

- Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)

- Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)

- Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28439)

- Windows Console Driver Denial of Service Vulnerability (CVE-2021-28443)

- Windows Network File System Remote Code Execution Vulnerability (CVE-2021-28445)

- Windows Portmapping Information Disclosure Vulnerability (CVE-2021-28446)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released the following security updates to address this issue:
- KB5001335
- KB5001392
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.178
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2021/04/13, Modified: 2024/11/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5001335
- 5001392

- C:\Windows\system32\inetcomm.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24576
150368 - KB5003694: Windows 7 and Windows Server 2008 R2 Security Update (June 2021)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5003694. It is, therefore, affected by multiple vulnerabilities.
Solution
Apply Cumulative Update 5003694
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.9431
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-1675
CVE CVE-2021-26414
CVE CVE-2021-31199
CVE CVE-2021-31201
CVE CVE-2021-31953
CVE CVE-2021-31954
CVE CVE-2021-31956
CVE CVE-2021-31958
CVE CVE-2021-31959
CVE CVE-2021-31962
CVE CVE-2021-31968
CVE CVE-2021-31971
CVE CVE-2021-31973
CVE CVE-2021-33742
MSKB 5003667
MSKB 5003694
XREF MSFT:MS21-5003667
XREF MSFT:MS21-5003694
XREF IAVA:2021-A-0280-S
XREF IAVA:2021-A-0279-S
XREF CISA-KNOWN-EXPLOITED:2021/11/17
XREF CEA-ID:CEA-2021-0032
Exploitable With
Core Impact (true)
Plugin Information
Published: 2021/06/08, Modified: 2025/10/31
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5003694
- 5003667

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.25631
151611 - KB5004307: Windows 7 and Windows Server 2008 R2 Security Update (July 2021)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5004307. It is, therefore, affected by multiple vulnerabilities.
Solution
Apply Security Update 5004307
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.1713
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2021/07/13, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5004307
- 5004289

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.25661
151476 - KB5004951: Windows 7 and Windows Server 2008 R2 OOB Security Update RCE (July 2021)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
A remote command execution vulnerability exists in the Windows Print Spooler service because it improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.
Solution
Apply Cumulative Update 5004951
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.9427
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-34527
MSKB 5004951
MSKB 5004953
XREF IAVA:2021-A-0299
XREF MSFT:MS21-5004951
XREF MSFT:MS21-5004953
XREF CEA-ID:CEA-2021-0034
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Exploitable With
CANVAS (true) Core Impact (true)
Plugin Information
Published: 2021/07/08, Modified: 2025/12/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5004951

- C:\Windows\system32\localspl.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.25633
153379 - KB5005615: Windows 7 and Windows Server 2008 R2 September 2021 Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5005615 or cumulative update 5005633. It is, therefore, affected by multiple vulnerabilities:

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36968, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)

- A memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application. (CVE-2021-26435)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)

- A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)
Solution
Apply Security Only update KB5005615 or Cumulative Update KB5005633.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.2147
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-26435
CVE CVE-2021-36955
CVE CVE-2021-36958
CVE CVE-2021-36959
CVE CVE-2021-36960
CVE CVE-2021-36961
CVE CVE-2021-36962
CVE CVE-2021-36963
CVE CVE-2021-36964
CVE CVE-2021-36965
CVE CVE-2021-36968
CVE CVE-2021-36969
CVE CVE-2021-38628
CVE CVE-2021-38629
CVE CVE-2021-38630
CVE CVE-2021-38633
CVE CVE-2021-38635
CVE CVE-2021-38636
CVE CVE-2021-38638
CVE CVE-2021-38639
CVE CVE-2021-38667
CVE CVE-2021-38671
CVE CVE-2021-40447
MSKB 5005615
MSKB 5005633
XREF MSFT:MS21-5005615
XREF MSFT:MS21-5005633
XREF IAVA:2021-A-0431-S
XREF IAVA:2021-A-0429-S
XREF CISA-KNOWN-EXPLOITED:2021/11/17
Exploitable With
Core Impact (true)
Plugin Information
Published: 2021/09/14, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5005615
- 5005633

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.25704
154035 - KB5006728: Windows 7 and Windows Server 2008 R2 Security Update (October 2021)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5006728. It is, therefore, affected by multiple vulnerabilities.
Solution
Apply Security Update 5006728 or apply Cumulative Update 5006743
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.9189
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-26442
CVE CVE-2021-36953
CVE CVE-2021-36970
CVE CVE-2021-38662
CVE CVE-2021-38663
CVE CVE-2021-40443
CVE CVE-2021-40449
CVE CVE-2021-40455
CVE CVE-2021-40460
CVE CVE-2021-40465
CVE CVE-2021-40466
CVE CVE-2021-40467
CVE CVE-2021-40469
CVE CVE-2021-40489
CVE CVE-2021-41331
CVE CVE-2021-41332
CVE CVE-2021-41335
CVE CVE-2021-41340
CVE CVE-2021-41343
MSKB 5006728
MSKB 5006743
XREF IAVA:2021-A-0472-S
XREF IAVA:2021-A-0475-S
XREF CISA-KNOWN-EXPLOITED:2021/12/01
XREF MSFT:MS21-5006728
XREF MSFT:MS21-5006743
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2021/10/12, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5006728
- 5006743

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.25740
154984 - KB5007233: Windows 7 and Windows Server 2008 R2 Security Update (November 2021)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5007233 or cumulative update 5007236. It is, therefore, affected by multiple vulnerabilities:

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-38631, CVE-2021-38665, CVE-2021-41371)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-41367, CVE-2021-41370, CVE-2021-41377, CVE-2021-41379, CVE-2021-42278, CVE-2021-42282, CVE-2021-42283, CVE-2021-42285, CVE-2021-42287, CVE-2021-42291)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-38666, CVE-2021-42275)
Solution
Apply Security Only update KB5007233 or Cumulative Update KB5007236.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.9407
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-38631
CVE CVE-2021-38665
CVE CVE-2021-38666
CVE CVE-2021-41367
CVE CVE-2021-41370
CVE CVE-2021-41371
CVE CVE-2021-41377
CVE CVE-2021-41379
CVE CVE-2021-42275
CVE CVE-2021-42278
CVE CVE-2021-42282
CVE CVE-2021-42283
CVE CVE-2021-42285
CVE CVE-2021-42287
CVE CVE-2021-42291
MSKB 5007233
MSKB 5007236
XREF MSFT:MS21-5007233
XREF MSFT:MS21-5007236
XREF IAVA:2021-A-0539-S
XREF IAVA:2021-A-0545-S
XREF CISA-KNOWN-EXPLOITED:2022/03/17
XREF CISA-KNOWN-EXPLOITED:2022/05/02
XREF CEA-ID:CEA-2021-0053
Plugin Information
Published: 2021/11/09, Modified: 2025/10/31
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5007233
- 5007236

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.25767
156627 - KB5009621: Windows 7 and Windows Server 2008 R2 Security Update (January 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5009621. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21850, CVE-2022-21851, CVE-2022-21893, CVE-2022-21928)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21880, CVE-2022-21904, CVE-2022-21915)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application. (CVE-2022-21900, CVE-2022-21905, CVE-2022-21913, CVE-2022-21924)

- A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2022-21836)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-21843, CVE-2022-21848, CVE-2022-21883, CVE-2022-21889, CVE-2022-21890)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2022-21833, CVE-2022-21834, CVE-2022-21835, CVE-2022-21838, CVE-2022-21857, CVE-2022-21859, CVE-2022-21862, CVE-2022-21884, CVE-2022-21885, CVE-2022-21895, CVE-2022-21897, CVE-2022-21903, CVE-2022-21908, CVE-2022-21914, CVE-2022-21916, CVE-2022-21919, CVE-2022-21920)
Solution
Apply Security Update 5009621 or Cumulative Update 5009610
Risk Factor
High
CVSS v3.0 Base Score
8.0 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.6 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.1594
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2022/01/11, Modified: 2024/11/27
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5009621
- 5009610

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.25827
157427 - KB5010422: Windows 7 and Windows Server 2008 R2 Security Update (February 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5010422. It is, therefore, affected by multiple vulnerabilities:

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21998)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-22002)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21993)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2022-21989, CVE-2022-21997, CVE-2022-21999, CVE-2022-22000, CVE-2022-22001)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Apply Cumulative Update 5010404 or Security Update 5010422
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.7136
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-21981
CVE CVE-2022-21985
CVE CVE-2022-21989
CVE CVE-2022-21997
CVE CVE-2022-21998
CVE CVE-2022-21999
CVE CVE-2022-22000
CVE CVE-2022-22710
CVE CVE-2022-22717
CVE CVE-2022-22718
MSKB 5010404
MSKB 5010422
XREF MSFT:MS22-5010404
XREF MSFT:MS22-5010422
XREF IAVA:2022-A-0068-S
XREF IAVA:2022-A-0074-S
XREF CISA-KNOWN-EXPLOITED:2022/04/15
XREF CISA-KNOWN-EXPLOITED:2022/05/10
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2022/02/08, Modified: 2025/05/14
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5010422
- 5010404

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.25860
158718 - KB5011529: Windows 7 and Windows Server 2008 R2 (March 2022) Security Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5011529 or cumulative update 5011529. It is, therefore, affected by multiple vulnerabilities:

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2022-23283, CVE-2022-23290, CVE-2022-23293, CVE-2022-23296, CVE-2022-23298, CVE-2022-23299, CVE-2022-24454, CVE-2022-24459)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-23253)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21990, CVE-2022-23285)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application. (CVE-2022-24502)
Solution
Apply Security Only update 5011552 or Cumulative Update 5011529.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3021
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-21990
CVE CVE-2022-23253
CVE CVE-2022-23281
CVE CVE-2022-23283
CVE CVE-2022-23285
CVE CVE-2022-23290
CVE CVE-2022-23293
CVE CVE-2022-23296
CVE CVE-2022-23297
CVE CVE-2022-23298
CVE CVE-2022-23299
CVE CVE-2022-24454
CVE CVE-2022-24459
CVE CVE-2022-24502
CVE CVE-2022-24503
MSKB 5011529
MSKB 5011552
XREF MSFT:MS22-5011529
XREF MSFT:MS22-5011552
XREF IAVA:2022-A-0112-S
XREF IAVA:2022-A-0111-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2022/03/08, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5011552
- 5011529

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.25895
160937 - KB5013999: Windows 7 and Windows Server 2008 R2 Security Update (May 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5013999. It is, therefore, affected by multiple vulnerabilities:

- Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)

- Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-22019)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5013999 or Cumulative Update 5014012
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.6558
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-21972
CVE CVE-2022-22011
CVE CVE-2022-22012
CVE CVE-2022-22013
CVE CVE-2022-22014
CVE CVE-2022-22015
CVE CVE-2022-22019
CVE CVE-2022-23270
CVE CVE-2022-26925
CVE CVE-2022-26926
CVE CVE-2022-26931
CVE CVE-2022-26934
CVE CVE-2022-26935
CVE CVE-2022-26936
CVE CVE-2022-26937
CVE CVE-2022-29103
CVE CVE-2022-29105
CVE CVE-2022-29112
CVE CVE-2022-29115
CVE CVE-2022-29121
CVE CVE-2022-29127
CVE CVE-2022-29128
CVE CVE-2022-29129
CVE CVE-2022-29130
CVE CVE-2022-29132
CVE CVE-2022-29137
CVE CVE-2022-29139
CVE CVE-2022-29141
CVE CVE-2022-30138
MSKB 5013999
MSKB 5014012
XREF MSFT:MS22-5013999
XREF MSFT:MS22-5014012
XREF IAVA:2022-A-0204-S
XREF IAVA:2022-A-0203-S
XREF CISA-KNOWN-EXPLOITED:2022/07/22
Plugin Information
Published: 2022/05/10, Modified: 2025/01/07
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5014012
- 5013999

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.25954
162191 - KB5014742: Windows 7 and Windows Server 2008 R2 Security Update (June 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5014742. It is, therefore, affected by multiple vulnerabilities:

- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161)

- Windows Hyper-V Remote Code Execution Vulnerability (CVE-2022-30163)

- Local Security Authority Subsystem Service Elevation of Privilege Vulnerability (CVE-2022-30166)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5014742 or Cumulative Update 5014748
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.936
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-21123
CVE CVE-2022-21125
CVE CVE-2022-21127
CVE CVE-2022-21166
CVE CVE-2022-30135
CVE CVE-2022-30140
CVE CVE-2022-30141
CVE CVE-2022-30142
CVE CVE-2022-30143
CVE CVE-2022-30146
CVE CVE-2022-30147
CVE CVE-2022-30149
CVE CVE-2022-30151
CVE CVE-2022-30152
CVE CVE-2022-30153
CVE CVE-2022-30155
CVE CVE-2022-30160
CVE CVE-2022-30161
CVE CVE-2022-30163
CVE CVE-2022-30166
CVE CVE-2022-30190
MSKB 5014742
MSKB 5014748
XREF MSFT:MS22-5014742
XREF MSFT:MS22-5014748
XREF IAVA:2022-A-0240-S
XREF IAVA:2022-A-0241-S
XREF CISA-KNOWN-EXPLOITED:2022/07/05
XREF CEA-ID:CEA-2022-0022
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2022/06/14, Modified: 2025/10/31
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5014748
- 5014742

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.25983
163050 - KB5015862: Windows 7 and Windows Server 2008 R2 Security Update (July 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5015862 or cumulative update 5015866. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-22024, CVE-2022-22027, CVE-2022-22029, CVE-2022-22038, CVE-2022-22039, CVE-2022-30211, CVE-2022-30221)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application. (CVE-2022-22023, CVE-2022-22048, CVE-2022-30203)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2022-22022, CVE-2022-22026, CVE-2022-22034, CVE-2022-22036, CVE-2022-22037, CVE-2022-22041, CVE-2022-22047, CVE-2022-22049, CVE-2022-22050, CVE-2022-30202, CVE-2022-30205, CVE-2022-30206, CVE-2022-30209, CVE-2022-30220, CVE-2022-30224, CVE-2022-30225, CVE-2022-30226)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5015862 or Cumulative Update 5015861
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.4513
CVSS v2.0 Base Score
8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-21845
CVE CVE-2022-22022
CVE CVE-2022-22023
CVE CVE-2022-22024
CVE CVE-2022-22025
CVE CVE-2022-22026
CVE CVE-2022-22027
CVE CVE-2022-22028
CVE CVE-2022-22029
CVE CVE-2022-22034
CVE CVE-2022-22036
CVE CVE-2022-22037
CVE CVE-2022-22039
CVE CVE-2022-22040
CVE CVE-2022-22042
CVE CVE-2022-22043
CVE CVE-2022-22047
CVE CVE-2022-22048
CVE CVE-2022-22049
CVE CVE-2022-22050
CVE CVE-2022-30202
CVE CVE-2022-30203
CVE CVE-2022-30205
CVE CVE-2022-30206
CVE CVE-2022-30208
CVE CVE-2022-30209
CVE CVE-2022-30211
CVE CVE-2022-30213
CVE CVE-2022-30220
CVE CVE-2022-30221
CVE CVE-2022-30223
CVE CVE-2022-30224
CVE CVE-2022-30225
CVE CVE-2022-30226
MSKB 5015861
MSKB 5015862
XREF MSFT:MS22-5015861
XREF MSFT:MS22-5015862
XREF CISA-KNOWN-EXPLOITED:2022/08/02
XREF IAVA:2022-A-0272-S
XREF IAVA:2022-A-0273-S
XREF CEA-ID:CEA-2022-0026
Exploitable With
Core Impact (true)
Plugin Information
Published: 2022/07/12, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5015862
- 5015861

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26022
166024 - KB5018479: Windows 7 / Windows Server 2008 R2 Security Update (October 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5018479. It is, therefore, affected by multiple vulnerabilities:

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2022-37982, CVE-2022-38031)

- Active Directory Certificate Services Elevation of Privilege Vulnerability (CVE-2022-37976)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5018479 or Cumulative Update 5018454
Risk Factor
Critical
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.246
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2022/10/11, Modified: 2025/10/22
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5018479
- 5018454

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26174
167103 - KB5020013: Windows Server 2008 R2 Security Update (November 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5020013. It is, therefore, affected by multiple vulnerabilities:

- Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability (CVE-2022-41090, CVE-2022-41116)

- AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions (CVE-2022-23824)

- Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability (CVE-2022-37966)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5020013 or Cumulative Update 5020000
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.3924
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-23824
CVE CVE-2022-37966
CVE CVE-2022-37967
CVE CVE-2022-37992
CVE CVE-2022-38023
CVE CVE-2022-41039
CVE CVE-2022-41044
CVE CVE-2022-41045
CVE CVE-2022-41047
CVE CVE-2022-41048
CVE CVE-2022-41053
CVE CVE-2022-41056
CVE CVE-2022-41057
CVE CVE-2022-41058
CVE CVE-2022-41073
CVE CVE-2022-41086
CVE CVE-2022-41090
CVE CVE-2022-41095
CVE CVE-2022-41097
CVE CVE-2022-41098
CVE CVE-2022-41109
CVE CVE-2022-41116
CVE CVE-2022-41118
CVE CVE-2022-41128
MSKB 5020000
MSKB 5020013
XREF MSFT:MS22-5020000
XREF MSFT:MS22-5020013
XREF IAVA:2022-A-0484-S
XREF IAVA:2022-A-0473-S
XREF IAVA:2023-A-0552-S
XREF IAVA:2023-A-0553-S
XREF CISA-KNOWN-EXPLOITED:2022/12/09
Plugin Information
Published: 2022/11/08, Modified: 2025/10/22
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5020013
- 5020000

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26220
168681 - KB5021288: Windows Server 2008 R2 Security Update (December 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5021288. It is, therefore, affected by multiple vulnerabilities:

- PowerShell Remote Code Execution Vulnerability (CVE-2022-41076)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-44670, CVE-2022-44676)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5021288 or Cumulative Update 5021291
Risk Factor
High
CVSS v3.0 Base Score
8.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.6 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.6798
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-41074
CVE CVE-2022-41076
CVE CVE-2022-41077
CVE CVE-2022-41094
CVE CVE-2022-41121
CVE CVE-2022-44666
CVE CVE-2022-44667
CVE CVE-2022-44668
CVE CVE-2022-44670
CVE CVE-2022-44673
CVE CVE-2022-44675
CVE CVE-2022-44676
CVE CVE-2022-44678
CVE CVE-2022-44681
CVE CVE-2022-44697
MSKB 5021288
MSKB 5021291
XREF MSFT:MS22-5021288
XREF MSFT:MS22-5021291
XREF IAVA:2022-A-0530-S
XREF IAVA:2022-A-0533-S
Plugin Information
Published: 2022/12/13, Modified: 2024/07/01
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5021291
- 5021288

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26262
169781 - KB5022339: Windows Server 2008 R2 Security Update (January 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5022339. It is, therefore, affected by multiple vulnerabilities:

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2023-21732)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-21681)

- Microsoft Cryptographic Services Elevation of Privilege Vulnerability (CVE-2023-21561, CVE-2023-21730)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5022339 or Cumulative Update 5022338
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.6149
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/01/10, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5022339
- 5022338

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26321
181299 - KB5030261: Windows Server 2008 R2 Security Update (September 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5030261. It is, therefore, affected by multiple vulnerabilities:

- Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161)

- DHCP Server Service Information Disclosure Vulnerability (CVE-2023-36801, CVE-2023-38152)

- Windows TCP/IP Denial of Service Vulnerability (CVE-2023-38149)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5030261 or Cumulative Update 5030265
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.0541
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36801
CVE CVE-2023-36804
CVE CVE-2023-38139
CVE CVE-2023-38141
CVE CVE-2023-38142
CVE CVE-2023-38143
CVE CVE-2023-38144
CVE CVE-2023-38149
CVE CVE-2023-38152
CVE CVE-2023-38160
CVE CVE-2023-38161
MSKB 5030261
MSKB 5030265
XREF MSFT:MS23-5030261
XREF MSFT:MS23-5030265
XREF IAVA:2023-A-0472-S
XREF IAVA:2023-A-0471-S
Plugin Information
Published: 2023/09/12, Modified: 2024/09/24
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5030265
- 5030261

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26713
186781 - KB5033424: Windows Server 2008 R2 Security Update (December 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5033424. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006)

- A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. (CVE-2023-20588)

- Windows Media Remote Code Execution Vulnerability (CVE-2023-21740)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5033424 or Cumulative Update 5033433
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.171
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-20588
CVE CVE-2023-21740
CVE CVE-2023-35622
CVE CVE-2023-35628
CVE CVE-2023-35629
CVE CVE-2023-35630
CVE CVE-2023-35632
CVE CVE-2023-35633
CVE CVE-2023-35639
CVE CVE-2023-35641
CVE CVE-2023-35642
CVE CVE-2023-36004
CVE CVE-2023-36005
CVE CVE-2023-36006
CVE CVE-2023-36012
MSKB 5033424
MSKB 5033433
XREF MSFT:MS23-5033424
XREF MSFT:MS23-5033433
XREF IAVA:2023-A-0689-S
XREF IAVA:2023-A-0690-S
Plugin Information
Published: 2023/12/12, Modified: 2024/09/24
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5033433
- 5033424

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26863
187805 - KB5034167: Windows Server 2008 R2 Security Update (January 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5034167. It is, therefore, affected by multiple vulnerabilities

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654)

- Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674)

- Windows Group Policy Elevation of Privilege Vulnerability (CVE-2024-20657)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5034167 or Cumulative Update 5034169
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.1504
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-20652
CVE CVE-2024-20653
CVE CVE-2024-20654
CVE CVE-2024-20655
CVE CVE-2024-20657
CVE CVE-2024-20660
CVE CVE-2024-20661
CVE CVE-2024-20662
CVE CVE-2024-20663
CVE CVE-2024-20664
CVE CVE-2024-20674
CVE CVE-2024-20680
CVE CVE-2024-20683
CVE CVE-2024-20691
CVE CVE-2024-20692
CVE CVE-2024-21307
CVE CVE-2024-21311
CVE CVE-2024-21313
CVE CVE-2024-21314
MSKB 5034167
MSKB 5034169
XREF MSFT:MS24-5034167
XREF MSFT:MS24-5034169
XREF IAVA:2024-A-0015-S
XREF IAVA:2024-A-0016-S
Plugin Information
Published: 2024/01/09, Modified: 2024/09/24
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5034169
- 5034167

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26909
190478 - KB5034809: Windows Server 2008 R2 Security Update (February 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5034809. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-21350, CVE-2024-21352, CVE-2024-21358, CVE-2024-21359, CVE-2024-21360, CVE-2024-21361, CVE-2024-21365, CVE-2024-21366, CVE-2024-21367, CVE-2024-21368, CVE-2024-21369, CVE-2024-21370, CVE-2024-21375, CVE-2024-21391, CVE-2024-21420)

- Windows Kernel Information Disclosure Vulnerability (CVE-2024-21340)

- Microsoft ActiveX Data Objects Remote Code Execution Vulnerability (CVE-2024-21349)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5034809 or Cumulative Update 5034831
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.4443
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/02/13, Modified: 2024/09/24
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5034831
- 5034809

- C:\Windows\system32\drivers\tcpip.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.26959
191933 - KB5035919: Windows Server 2008 R2 Security Update (March 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5035919. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166)

- Windows USB Hub Driver Remote Code Execution Vulnerability (CVE-2024-21429)

- Windows Telephony Server Elevation of Privilege Vulnerability (CVE-2024-21439)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5035919 or Cumulative Update 5035888
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.1047
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-28746
CVE CVE-2024-21429
CVE CVE-2024-21436
CVE CVE-2024-21437
CVE CVE-2024-21439
CVE CVE-2024-21440
CVE CVE-2024-21441
CVE CVE-2024-21444
CVE CVE-2024-21446
CVE CVE-2024-21450
CVE CVE-2024-21451
CVE CVE-2024-26159
CVE CVE-2024-26161
CVE CVE-2024-26162
CVE CVE-2024-26166
CVE CVE-2024-26173
CVE CVE-2024-26174
CVE CVE-2024-26176
CVE CVE-2024-26177
CVE CVE-2024-26178
CVE CVE-2024-26181
MSKB 5035888
MSKB 5035919
XREF MSFT:MS24-5035888
XREF MSFT:MS24-5035919
XREF IAVA:2024-A-0149-S
XREF IAVA:2024-A-0148-S
Plugin Information
Published: 2024/03/12, Modified: 2024/12/30
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5035919
- 5035888

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27017
193092 - KB5036922: Windows Server 2008 R2 Security Update (April 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5036922. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability (CVE-2024-26214)

- Windows rndismp6.sys Remote Code Execution Vulnerability (CVE-2024-26252, CVE-2024-26253)

- Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2024-26179, CVE-2024-26200, CVE-2024-26205)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5036922 or Cumulative Update 5036967
Risk Factor
Critical
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.8317
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/04/09, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5036967
- 5036922

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27066
197012 - KB5037803: Windows Server 2008 R2 Security Update (May 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5037803. It is, therefore, affected by multiple vulnerabilities

- Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2024-30009, CVE-2024-30014, CVE-2024-30015, CVE-2024-30022, CVE-2024-30023, CVE-2024-30024, CVE-2024-30029)

- Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, CVE-2024-30025, CVE-2024-30037)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-30006)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5037803 or Cumulative Update 5037780
Risk Factor
Critical
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.1
EPSS Score
0.1285
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/05/14, Modified: 2025/01/22
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5037803
- 5037780

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27117
200346 - KB5039274: Windows Server 2008 R2 Security Update (June 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5039274. It is, therefore, affected by multiple vulnerabilities

- Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability (CVE-2024-30080)

- Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability (CVE-2024-30074, CVE-2024-30075)

- Windows OLE Remote Code Execution Vulnerability (CVE-2024-30077)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5039274 or Cumulative Update 5039289
Risk Factor
Critical
CVSS v3.0 Base Score
8.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.6 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.5369
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-30063
CVE CVE-2024-30074
CVE CVE-2024-30075
CVE CVE-2024-30077
CVE CVE-2024-30078
CVE CVE-2024-30080
CVE CVE-2024-30082
CVE CVE-2024-30084
CVE CVE-2024-30087
CVE CVE-2024-30090
CVE CVE-2024-30091
CVE CVE-2024-30093
CVE CVE-2024-30094
CVE CVE-2024-30095
CVE CVE-2024-35250
MSKB 5039274
MSKB 5039289
XREF MSFT:MS24-5039274
XREF MSFT:MS24-5039289
XREF IAVA:2024-A-0343-S
XREF IAVA:2024-A-0345-S
XREF CISA-KNOWN-EXPLOITED:2025/01/06
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2024/06/11, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5039289
- 5039274

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27166
210852 - KB5046705: Windows Server 2008 R2 Security Update (November 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5046705. It is, therefore, affected by multiple vulnerabilities

- Windows Telephony Service Remote Code Execution Vulnerability (CVE-2024-43620, CVE-2024-43621, CVE-2024-43622, CVE-2024-43627, CVE-2024-43628, CVE-2024-43635)

- Windows NT OS Kernel Elevation of Privilege Vulnerability (CVE-2024-43623)

- Windows Telephony Service Elevation of Privilege Vulnerability (CVE-2024-43626)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5046705 or Cumulative Update 5046687
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.9031
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-38203
CVE CVE-2024-43449
CVE CVE-2024-43450
CVE CVE-2024-43451
CVE CVE-2024-43620
CVE CVE-2024-43621
CVE CVE-2024-43622
CVE CVE-2024-43623
CVE CVE-2024-43626
CVE CVE-2024-43627
CVE CVE-2024-43628
CVE CVE-2024-43634
CVE CVE-2024-43635
CVE CVE-2024-43637
CVE CVE-2024-43638
CVE CVE-2024-43641
CVE CVE-2024-43643
CVE CVE-2024-43644
CVE CVE-2024-49019
CVE CVE-2024-49046
MSKB 5046687
MSKB 5046705
XREF MSFT:MS24-5046687
XREF MSFT:MS24-5046705
XREF CISA-KNOWN-EXPLOITED:2024/12/03
XREF IAVA:2024-A-0729-S
XREF IAVA:2024-A-0730-S
Plugin Information
Published: 2024/11/12, Modified: 2025/05/30
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5046705
- 5046687

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27412
212240 - KB5048676: Windows Server 2008 R2 Security Update (December 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5048676. It is, therefore, affected by multiple vulnerabilities

- Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-49090)

- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2024-49112)

- Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-49138)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5048676 or Cumulative Update 5048695
Risk Factor
Critical
CVSS v3.0 Base Score
8.4 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.0 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.8902
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-49072
CVE CVE-2024-49080
CVE CVE-2024-49082
CVE CVE-2024-49084
CVE CVE-2024-49085
CVE CVE-2024-49086
CVE CVE-2024-49088
CVE CVE-2024-49089
CVE CVE-2024-49090
CVE CVE-2024-49096
CVE CVE-2024-49102
CVE CVE-2024-49104
CVE CVE-2024-49105
CVE CVE-2024-49112
CVE CVE-2024-49113
CVE CVE-2024-49118
CVE CVE-2024-49121
CVE CVE-2024-49122
CVE CVE-2024-49124
CVE CVE-2024-49125
CVE CVE-2024-49126
CVE CVE-2024-49127
CVE CVE-2024-49138
MSKB 5048676
MSKB 5048695
XREF MSFT:MS24-5048676
XREF MSFT:MS24-5048695
XREF CISA-KNOWN-EXPLOITED:2024/12/31
XREF IAVA:2024-A-0812-S
XREF IAVA:2024-A-0811-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/12/10, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5048695
- 5048676

- C:\Windows\system32\shell32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27462
214112 - KB5050006: Windows Server 2008 R2 Security Update (January 2025)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5050006. It is, therefore, affected by multiple vulnerabilities

- Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability (CVE-2025-21307)

- Windows Telephony Service Remote Code Execution Vulnerability (CVE-2025-21223, CVE-2025-21233, CVE-2025-21236, CVE-2025-21237, CVE-2025-21238, CVE-2025-21240, CVE-2025-21243, CVE-2025-21244, CVE-2025-21245, CVE-2025-21246, CVE-2025-21250, CVE-2025-21252, CVE-2025-21266, CVE-2025-21273, CVE-2025-21282, CVE-2025-21286, CVE-2025-21302, CVE-2025-21303, CVE-2025-21305, CVE-2025-21306, CVE-2025-21339, CVE-2025-21409, CVE-2025-21411, CVE-2025-21413, CVE-2025-21417)

- Windows BitLocker Information Disclosure Vulnerability (CVE-2025-21210, CVE-2025-21214)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5050006 or Cumulative Update 5050049
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.7687
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-21189
CVE CVE-2025-21210
CVE CVE-2025-21214
CVE CVE-2025-21215
CVE CVE-2025-21217
CVE CVE-2025-21220
CVE CVE-2025-21223
CVE CVE-2025-21226
CVE CVE-2025-21227
CVE CVE-2025-21228
CVE CVE-2025-21230
CVE CVE-2025-21231
CVE CVE-2025-21232
CVE CVE-2025-21233
CVE CVE-2025-21236
CVE CVE-2025-21237
CVE CVE-2025-21238
CVE CVE-2025-21240
CVE CVE-2025-21242
CVE CVE-2025-21243
CVE CVE-2025-21244
CVE CVE-2025-21245
CVE CVE-2025-21246
CVE CVE-2025-21249
CVE CVE-2025-21250
CVE CVE-2025-21251
CVE CVE-2025-21252
CVE CVE-2025-21255
CVE CVE-2025-21256
CVE CVE-2025-21258
CVE CVE-2025-21260
CVE CVE-2025-21261
CVE CVE-2025-21263
CVE CVE-2025-21265
CVE CVE-2025-21266
CVE CVE-2025-21268
CVE CVE-2025-21269
CVE CVE-2025-21270
CVE CVE-2025-21272
CVE CVE-2025-21273
CVE CVE-2025-21276
CVE CVE-2025-21277
CVE CVE-2025-21282
CVE CVE-2025-21285
CVE CVE-2025-21286
CVE CVE-2025-21287
CVE CVE-2025-21288
CVE CVE-2025-21289
CVE CVE-2025-21290
CVE CVE-2025-21294
CVE CVE-2025-21295
CVE CVE-2025-21296
CVE CVE-2025-21297
CVE CVE-2025-21298
CVE CVE-2025-21300
CVE CVE-2025-21302
CVE CVE-2025-21303
CVE CVE-2025-21305
CVE CVE-2025-21306
CVE CVE-2025-21307
CVE CVE-2025-21310
CVE CVE-2025-21319
CVE CVE-2025-21320
CVE CVE-2025-21324
CVE CVE-2025-21327
CVE CVE-2025-21328
CVE CVE-2025-21329
CVE CVE-2025-21331
CVE CVE-2025-21332
CVE CVE-2025-21336
CVE CVE-2025-21338
CVE CVE-2025-21339
CVE CVE-2025-21341
CVE CVE-2025-21389
CVE CVE-2025-21409
CVE CVE-2025-21411
CVE CVE-2025-21413
CVE CVE-2025-21417
MSKB 5050006
MSKB 5050049
XREF MSFT:MS25-5050006
XREF MSFT:MS25-5050049
XREF IAVA:2025-A-0034-S
XREF IAVA:2025-A-0033-S
XREF CWE:20
XREF CWE:41
XREF CWE:59
XREF CWE:122
XREF CWE:125
XREF CWE:126
XREF CWE:190
XREF CWE:191
XREF CWE:200
XREF CWE:203
XREF CWE:269
XREF CWE:400
XREF CWE:416
XREF CWE:476
XREF CWE:532
XREF CWE:591
XREF CWE:636
XREF CWE:693
XREF CWE:908
Plugin Information
Published: 2025/01/14, Modified: 2025/09/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5050049
- 5050006

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27520
216123 - KB5052032: Windows Server 2008 R2 Security Update (February 2025)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5052032. It is, therefore, affected by multiple vulnerabilities

- Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2025-21208, CVE-2025-21410)

- Windows Telephony Service Remote Code Execution Vulnerability (CVE-2025-21190, CVE-2025-21200, CVE-2025-21371, CVE-2025-21406, CVE-2025-21407)

- Microsoft Digest Authentication Remote Code Execution Vulnerability (CVE-2025-21368, CVE-2025-21369)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5052032 or Cumulative Update 5052016
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.168
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-21181
CVE CVE-2025-21190
CVE CVE-2025-21200
CVE CVE-2025-21201
CVE CVE-2025-21208
CVE CVE-2025-21337
CVE CVE-2025-21350
CVE CVE-2025-21352
CVE CVE-2025-21359
CVE CVE-2025-21368
CVE CVE-2025-21369
CVE CVE-2025-21371
CVE CVE-2025-21373
CVE CVE-2025-21375
CVE CVE-2025-21376
CVE CVE-2025-21377
CVE CVE-2025-21406
CVE CVE-2025-21407
CVE CVE-2025-21410
CVE CVE-2025-21418
CVE CVE-2025-21419
MSKB 5052016
MSKB 5052032
XREF MSFT:MS25-5052016
XREF MSFT:MS25-5052032
XREF CISA-KNOWN-EXPLOITED:2025/03/04
XREF IAVA:2025-A-0109-S
XREF IAVA:2025-A-0110-S
XREF CWE:20
XREF CWE:59
XREF CWE:73
XREF CWE:122
XREF CWE:190
XREF CWE:191
XREF CWE:284
XREF CWE:362
XREF CWE:400
XREF CWE:415
XREF CWE:416
Plugin Information
Published: 2025/02/11, Modified: 2025/09/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5052032
- 5052016

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27566
232608 - KB5053627: Windows Server 2008 R2 Security Update (March 2025)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5053627. It is, therefore, affected by multiple vulnerabilities

- Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. (CVE-2025-26645)

- Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. (CVE-2025-24035)

- ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record's reference information. (CVE-2024-9157)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5053627 or Cumulative Update 5053620
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.166
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-9157
CVE CVE-2025-21180
CVE CVE-2025-21247
CVE CVE-2025-24035
CVE CVE-2025-24051
CVE CVE-2025-24054
CVE CVE-2025-24055
CVE CVE-2025-24056
CVE CVE-2025-24059
CVE CVE-2025-24064
CVE CVE-2025-24072
CVE CVE-2025-24983
CVE CVE-2025-24985
CVE CVE-2025-24987
CVE CVE-2025-24988
CVE CVE-2025-24991
CVE CVE-2025-24992
CVE CVE-2025-24993
CVE CVE-2025-24996
CVE CVE-2025-26633
CVE CVE-2025-26645
MSKB 5053620
MSKB 5053627
XREF MSFT:MS25-5053620
XREF MSFT:MS25-5053627
XREF IAVA:2025-A-0181-S
XREF IAVA:2025-A-0182-S
XREF CISA-KNOWN-EXPLOITED:2025/05/08
XREF CISA-KNOWN-EXPLOITED:2025/04/01
XREF CWE:23
XREF CWE:41
XREF CWE:73
XREF CWE:122
XREF CWE:125
XREF CWE:126
XREF CWE:190
XREF CWE:284
XREF CWE:416
XREF CWE:591
XREF CWE:681
XREF CWE:707
Plugin Information
Published: 2025/03/11, Modified: 2025/09/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5053627
- 5053620

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27615
234037 - KB5055570: Windows Server 2008 R2 Security Update (April 2025)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5055570. It is, therefore, affected by multiple vulnerabilities

- Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. (CVE-2025-26687)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-27481)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2025-27740)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5055570 or Cumulative Update 5055561
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.4617
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/04/08, Modified: 2025/09/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5055570
- 5055561

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27666
235853 - KB5058454: Windows Server 2008 R2 Security Update (May 2025)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5058454. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. (CVE-2025-29967)

- Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29830, CVE-2025-29958, CVE-2025-29959)

- Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29832, CVE-2025-29835, CVE-2025-29836, CVE-2025-29960, CVE-2025-29961)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5058454 or Cumulative Update 5058430
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.2127
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-24063
CVE CVE-2025-29830
CVE CVE-2025-29831
CVE CVE-2025-29832
CVE CVE-2025-29835
CVE CVE-2025-29836
CVE CVE-2025-29837
CVE CVE-2025-29839
CVE CVE-2025-29954
CVE CVE-2025-29956
CVE CVE-2025-29957
CVE CVE-2025-29958
CVE CVE-2025-29959
CVE CVE-2025-29960
CVE CVE-2025-29961
CVE CVE-2025-29962
CVE CVE-2025-29966
CVE CVE-2025-29967
CVE CVE-2025-29968
CVE CVE-2025-29969
CVE CVE-2025-29974
CVE CVE-2025-30385
CVE CVE-2025-30388
CVE CVE-2025-30397
CVE CVE-2025-32701
CVE CVE-2025-32706
CVE CVE-2025-32707
CVE CVE-2025-32710
MSKB 5058430
MSKB 5058454
XREF MSFT:MS25-5058430
XREF MSFT:MS25-5058454
XREF CISA-KNOWN-EXPLOITED:2025/06/03
XREF IAVA:2025-A-0335-S
XREF IAVA:2025-A-0334-S
XREF CWE:20
XREF CWE:59
XREF CWE:122
XREF CWE:125
XREF CWE:126
XREF CWE:191
XREF CWE:362
XREF CWE:367
XREF CWE:400
XREF CWE:416
XREF CWE:476
XREF CWE:770
XREF CWE:787
XREF CWE:843
XREF CWE:908
Plugin Information
Published: 2025/05/13, Modified: 2025/09/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5058454
- 5058430

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27717
238085 - KB5061036: Windows Server 2008 R2 Security Update (June 2025)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5061036. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-33066)

- Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. (CVE-2025-33073)

- Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. (CVE-2025-32712)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5061036 or Cumulative Update 5061078
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.4893
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-32712
CVE CVE-2025-32713
CVE CVE-2025-32714
CVE CVE-2025-32715
CVE CVE-2025-32716
CVE CVE-2025-32724
CVE CVE-2025-33053
CVE CVE-2025-33056
CVE CVE-2025-33057
CVE CVE-2025-33064
CVE CVE-2025-33066
CVE CVE-2025-33070
CVE CVE-2025-33073
CVE CVE-2025-33075
MSKB 5061036
MSKB 5061078
XREF MSFT:MS25-5061036
XREF MSFT:MS25-5061078
XREF IAVA:2025-A-0428-S
XREF IAVA:2025-A-0417-S
XREF CISA-KNOWN-EXPLOITED:2025/11/10
XREF CISA-KNOWN-EXPLOITED:2025/07/01
XREF CWE:59
XREF CWE:73
XREF CWE:122
XREF CWE:125
XREF CWE:284
XREF CWE:400
XREF CWE:416
XREF CWE:476
XREF CWE:908
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2025/06/10, Modified: 2025/10/21
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5061078
- 5061036

- C:\Windows\system32\appinfo.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27767
241558 - KB5062619: Windows Server 2008 R2 Security Update (July 2025)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5062619. It is, therefore, affected by multiple vulnerabilities

- Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. (CVE-2025-49659)

- Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally. (CVE-2025-47985)

- Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally. (CVE-2025-47987)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5062619 or Cumulative Update 5062632
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.1
EPSS Score
0.0055
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/07/08, Modified: 2025/10/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5062632
- 5062619

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27819
261808 - KB5065510: Windows Server 2008 R2 Security Update (September 2025)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5065510. It is, therefore, affected by multiple vulnerabilities :

- SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing and SMB Server Extended Protection for Authentication (EPA). Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks: Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See "Support for Audit Events to deploy SMB Server Hardening: SMB Server Signing & SMB Server EPA". Adopt appropriate SMB Server hardening measures. (CVE-2025-55234)

- Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-53796, CVE-2025-53797, CVE-2025-53798, CVE-2025-53806)

- Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-54095, CVE-2025-54096, CVE-2025-54097, CVE-2025-55225)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5065510 or Cumulative Update 5065468
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.0073
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/09/09, Modified: 2025/10/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5065510
- 5065468

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.27927
277984 - KB5071506: Windows Server 2008 R2 Security Update (December 2025)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5071506. It is, therefore, affected by multiple vulnerabilities :

- Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-62549)

- Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. (CVE-2025-62458)

- Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. (CVE-2025-62466)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5071506 or Cumulative Update 5071501
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.002
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-54100
CVE CVE-2025-62455
CVE CVE-2025-62458
CVE CVE-2025-62466
CVE CVE-2025-62470
CVE CVE-2025-62472
CVE CVE-2025-62473
CVE CVE-2025-62474
CVE CVE-2025-62549
CVE CVE-2025-62571
MSKB 5071501
MSKB 5071506
XREF MSFT:MS25-5071501
XREF MSFT:MS25-5071506
XREF IAVA:2025-A-0916-S
XREF IAVA:2025-A-0917-S
Plugin Information
Published: 2025/12/09, Modified: 2026/01/21
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5071506
- 5071501

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.28060
283464 - KB5073699: Windows Server 2008 R2 Security Update (January 2026)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5073699. It is, therefore, affected by multiple vulnerabilities :

- An issue was discovered in Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM.
This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns. (CVE-2023-31096)

- A vulnerability exists in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to map physical memory via specially crafted IOCTL requests. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure.
These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. (CVE-2024-55414)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5073699 or Cumulative Update 5073695
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.009
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2026/01/13, Modified: 2026/01/16
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5073699
- 5073695

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.28116
59044 - MS 2695962: Update Rollup for ActiveX Kill Bits (2695962)
Synopsis
The remote Windows host is missing an update that disables a selected ActiveX control.
Description
The remote Windows host is missing a kill bit for an ActiveX control that is known to contain vulnerabilities.

If this ActiveX control is ever installed on the remote host, either now or in the future, it would expose the host to various security issues.

Note that the affected control is from a third-party vendor that has asked Microsoft to prevent their control from being run in Internet Explorer.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0987
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 52482
CVE CVE-2012-0358
MSKB 2695962
XREF CERT:339177
Plugin Information
Published: 2012/05/09, Modified: 2022/04/11
Plugin Output

tcp/445/cifs



The kill bit has not been set for the following control :

{B8E73359-3422-4384-8D27-4EA1B4C01232}

Note that Nessus did not check whether there were other kill bits
that have not been set because the "Perform thorough tests" setting
was not enabled when this scan was run.
62045 - MS 2736233: Update Rollup for ActiveX Kill Bits (2736233)
Synopsis
The remote Windows host is missing an update that disables selected ActiveX controls.
Description
The remote Windows host is missing one or more kill bits for ActiveX controls that are known to contain vulnerabilities.

If any of these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose the host to various security issues.

Note that the affected controls are from a third-party vendor that has asked Microsoft to prevent their controls from being run in Internet Explorer.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0158
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 54107
BID 54108
CVE CVE-2012-2493
CVE CVE-2012-2494
CVE CVE-2012-2495
CVE CVE-2012-2496
MSKB 2736233
Plugin Information
Published: 2012/09/11, Modified: 2022/04/11
Plugin Output

tcp/445/cifs



The kill bit has not been set for the following control :

{705ec6d4-b138-4079-a307-ef13e4889a82}

Note that Nessus did not check whether there were other kill bits
that have not been set because the "Perform thorough tests" setting
was not enabled when this scan was run.
48762 - MS KB2269637: Insecure Library Loading Could Allow Remote Code Execution
Synopsis
The remote Windows host may be vulnerable to code execution attacks.
Description
The remote host is missing Microsoft KB2264107 or an associated registry change, which provides a mechanism for mitigating binary planting or DLL preloading attacks.

Insecurely implemented applications look in their current working directory when resolving DLL dependencies. If a malicious DLL with the same name as a required DLL is located in the application's current working directory, the malicious DLL will be loaded.

A remote attacker could exploit this issue by tricking a user into accessing a vulnerable application via a network share or WebDAV folder where a malicious DLL resides, resulting in arbitrary code execution.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2 :

Please note this update provides a method of mitigating a class of vulnerabilities rather than fixing any specific vulnerabilities.
Additionally, these patches must be used in conjunction with the 'CWDIllegalInDllSearch' registry setting to have any effect. These protections could be applied in a way that breaks functionality in existing applications. Refer to the Microsoft advisory for more information.
Risk Factor
High
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
References
MSKB 2269637
Plugin Information
Published: 2010/08/26, Modified: 2023/07/26
Plugin Output

tcp/445/cifs


ntdll.dll has been upgraded by KB2264107 or a related, subsequent update,
but the following registry entry has not been set :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch
56824 - MS KB2506014: Update for the Windows Operating System Loader
Synopsis
The remote Windows host does not properly enforce driver signing.
Description
The remote Windows host contains a version of the Windows OS Loader (winload.exe) which does not properly enforce driver signing. This could result in unsigned drivers being loaded by winload.exe.

While this update does not address any specific vulnerabilities, it prevents winload.exe from loading unsigned binaries. This technique is commonly used by malware (e.g. rootkits) to stay resident on a system after the initial infection.
See Also
Solution
Microsoft has released a set of patches for the 64-bit editions of Windows Vista, 2008, 7, and 2008 R2.
Risk Factor
High
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
References
MSKB 2506014
Plugin Information
Published: 2012/02/16, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2506014
- C:\Windows\system32\winload.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17556
51903 - MS11-003: Cumulative Security Update for Internet Explorer (2482017)
Synopsis
Arbitrary code can be executed on the remote host through a web browser.
Description
The remote host is missing Internet Explorer (IE) Security Update 2482017.

The remote version of IE is affected by several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
9.5
EPSS Score
0.856
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 45246
BID 46157
BID 46158
BID 46159
CVE CVE-2010-3971
CVE CVE-2011-0035
CVE CVE-2011-0036
CVE CVE-2011-0038
MSKB 2482017
XREF CERT:634956
XREF EDB-ID:15708
XREF EDB-ID:15746
XREF MSFT:MS11-003
XREF Secunia:42510
Exploitable With
CANVAS (true) Metasploit (true)
Plugin Information
Published: 2011/02/08, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2482017
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.17537
51907 - MS11-007: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)
Synopsis
The remote Windows host contains a font driver that is affected by a privilege escalation vulnerability.
Description
The remote Windows host contains a version of the OpenType Compact Font Format (CFF) Font Driver that fails to properly validate certain data passed from user mode to kernel mode.

A remote attacker could exploit this by tricking a user into viewing content rendered in a specially crafted CFF font (via vectors such as web, instant message, or email), resulting in arbitrary code execution in kernel mode.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.2819
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 46106
CVE CVE-2011-0033
MSKB 2485376
XREF MSFT:MS11-007
Plugin Information
Published: 2011/02/08, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2485376
- C:\Windows\system32\Atmfd.dll has not been patched.
Remote version : 5.1.2.230
Should be : 5.1.2.232
51912 - MS11-012: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628)
Synopsis
The remote Windows kernel is affected by multiple vulnerabilities.
Description
The remote host is running a version of the Windows kernel that is affected by one or more of the following vulnerabilities :

- The Win32k.sys kernel-mode driver improperly validates data supplied from user mode to kernel mode.
(CVE-2011-0086)

- The Win32k.sys kernel-mode driver insufficiently validates data supplied from user mode to kernel mode.
(CVE-2011-0087)

- The Win32k.sys kernel-mode driver does not properly validate data supplied from user mode to kernel mode, resulting in a 'Window Class Pointer Confusion'
vulnerability. (CVE-2011-0088)

- The Win32k.sys kernel-mode driver does not properly validate data supplied from user mode to kernel mode, resulting in a 'Window Class Improper Pointer Validation' vulnerability. (CVE-2011-0089)

- The Win32k.sys kernel-mode driver does not properly validate data supplied from user mode to kernel mode, resulting in a memory corruption vulnerability.
(CVE-2011-0090)

An attacker with local access to the affected system can exploit these issues to execute arbitrary code in kernel mode and take complete control of the affected system.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0123
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 46141
BID 46147
BID 46148
BID 46149
BID 46150
CVE CVE-2011-0086
CVE CVE-2011-0087
CVE CVE-2011-0088
CVE CVE-2011-0089
CVE CVE-2011-0090
MSKB 2479628
XREF MSFT:MS11-012
Plugin Information
Published: 2011/02/08, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2479628
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17535
51913 - MS11-013: Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)
Synopsis
The remote implementation of Kerberos is affected by one or more vulnerabilities.
Description
The implementation of Kerberos on the remote Windows host is affected by one or more vulnerabilities :

- Microsoft's Kerberos implementation uses a weak hashing mechanism, which can allow for certain aspects of a Kerberos service ticket to be forged. Note that this is not exploitable on domains where the domain controllers are running Windows Server 2008 or Windows Server 2008 R2. (CVE-2011-0043)

- An attacker can force a downgrade in Kerberos communication between a client and server to a weaker encryption standard than negotiated originally by means of a man-in-the-middle attack because Windows does not correctly enforce the stronger default encryption standards included in Windows 7 and Windows Server 2008 R2. Note that this issue only affects implementations of Kerberos on Windows 7 and Windows Server 2008 R2.
(CVE-2011-0091)
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0248
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 46130
BID 46140
CVE CVE-2011-0043
CVE CVE-2011-0091
MSKB 2425227
MSKB 2478971
XREF MSFT:MS11-013
Plugin Information
Published: 2011/02/08, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2425227
- C:\Windows\system32\Kerberos.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17527
53375 - MS11-018: Cumulative Security Update for Internet Explorer (2497640)
Synopsis
Arbitrary code can be executed on the remote host through a web browser.
Description
The remote host is missing Internet Explorer (IE) Security Update 2497640.

The installed version of IE is affected by several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.6068
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 45639
BID 46821
BID 47190
BID 47191
BID 47192
CVE CVE-2011-0094
CVE CVE-2011-0346
CVE CVE-2011-1244
CVE CVE-2011-1245
CVE CVE-2011-1345
MSKB 2497640
XREF CERT:427980
XREF MSFT:MS11-018
Plugin Information
Published: 2011/04/13, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2497640
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.17573
53376 - MS11-019: Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)
Synopsis
Arbitrary code can be executed on the remote host through the installed SMB client.
Description
The version of the SMB client software installed on the remote Windows host may be affected by multiple vulnerabilities which could allow an attacker to execute arbitrary code on the remote host subject to the privileges of the user running the affected software.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.795
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:C)
References
BID 46360
BID 47239
CVE CVE-2011-0654
CVE CVE-2011-0660
MSKB 2511455
XREF CERT:323172
XREF EDB-ID:16166
XREF MSFT:MS11-019
Exploitable With
Core Impact (true)
Plugin Information
Published: 2011/04/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2511455
- C:\Windows\system32\drivers\Mrxsmb.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17565
53381 - MS11-024: Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)
Synopsis
A fax cover page editor on the remote host has a memory corruption vulnerability.
Description
The version of Windows Fax Cover Page Editor on the remote host has a heap-based buffer overflow vulnerability. A remote attacker could exploit this by tricking a user into opening a specially crafted fax cover page file, resulting in arbitrary code execution.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.5832
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 45942
BID 45583
CVE CVE-2010-3974
CVE CVE-2010-4701
MSKB 2491683
MSKB 2506212
XREF EDB-ID:15839
XREF IAVB:2011-B-0045
XREF MSFT:MS11-024
Exploitable With
Core Impact (true)
Plugin Information
Published: 2011/04/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2506212
- C:\Windows\system32\Mfc42.dll has not been patched.
Remote version : 6.6.8063.0
Should be : 6.6.8064.0
53385 - MS11-028: Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015)
Synopsis
The version of the .NET Framework installed on the remote host allows arbitrary code execution.
Description
The x86 JIT compiler included with the version of the .NET Framework installed on the remote host incorrectly compiles certain types of function calls.

An attacker may be able to leverage this vulnerability to run arbitrary code on the affected system under either of the following scenarios :

- Tricking a user on the affected host into viewing a specially crafted web page using a web browser that can run XAML Browser Applications (XBAPs).

- Uploading a malicious ASP.NET application to be hosted on the affected host.

- Bypassing Code Access Security (CAS) restrictions in a Windows .NET application.
See Also
Solution
Microsoft has released a set of patches for the .NET Framework on Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.5646
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 47223
CVE CVE-2010-3958
MSKB 2446704
MSKB 2446708
MSKB 2446709
MSKB 2446710
MSKB 2449741
MSKB 2449742
XREF MSFT:MS11-028
Plugin Information
Published: 2011/04/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2446710
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5444
53387 - MS11-030: Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
Synopsis
Arbitrary code can be executed on the remote host through the installed Windows DNS client.
Description
A flaw in the way the installed Windows DNS client processes Link-local Multicast Name Resolution (LLMNR) queries can be exploited to execute arbitrary code in the context of the NetworkService account.

Note that Windows XP and 2003 do not support LLMNR and successful exploitation on those platforms requires local access and the ability to run a special application. On Windows Vista, 2008, 7, and 2008 R2, however, the issue can be exploited remotely.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
7.3
EPSS Score
0.4693
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.2 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
BID 47242
CVE CVE-2011-0657
MSKB 2509553
XREF IAVA:2011-A-0039-S
XREF MSFT:MS11-030
Exploitable With
Core Impact (true)
Plugin Information
Published: 2011/04/13, Modified: 2020/08/05
Plugin Output

tcp/445/cifs



KB : 2509553
- C:\Windows\system32\Dnsapi.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17570
53388 - MS11-031: Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)
Synopsis
Arbitrary code can be executed on the remote host through the installed JScript and VBScript scripting engines.
Description
The installed version of the JScript and VBScript scripting engines contains an integer overflow vulnerability that can occur when the scripting engines process a script in a web page and attempt to reallocate memory while decoding the script.

If an attacker can trick a user on the affected system into visiting a malicious website, this issue could be leveraged to execute arbitrary code subject to the user's privileges.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.2252
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 47249
CVE CVE-2011-0663
MSKB 2510531
MSKB 2510581
MSKB 2510587
XREF MSFT:MS11-031
Plugin Information
Published: 2011/04/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2510531
- C:\Windows\system32\Jscript.dll has not been patched.
Remote version : 5.8.7601.17514
Should be : 5.8.7601.17562
53389 - MS11-032: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)
Synopsis
The remote Windows host contains a font driver that is affected by a privilege escalation vulnerability.
Description
The remote Windows host contains a version of the OpenType Compact Font Format (CFF) Font Driver that improperly parses specially crafted OpenType fonts.

A remote attacker could exploit this by tricking a user into viewing content rendered in a specially crafted CFF font (via vectors such as web, instant message, or email), resulting in arbitrary code execution in kernel mode.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.5669
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:C)
References
BID 47179
CVE CVE-2011-0034
MSKB 2507618
XREF MSFT:MS11-032
Exploitable With
CANVAS (true) Core Impact (true)
Plugin Information
Published: 2011/04/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2507618
- C:\Windows\system32\Atmfd.dll has not been patched.
Remote version : 5.1.2.230
Should be : 5.1.2.234
53391 - MS11-034: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)
Synopsis
The remote Windows kernel is affected by multiple vulnerabilities.
Description
The remote host is running a version of the Windows kernel that is affected by the following types of vulnerabilities :

- Several use-after-free vulnerabilities exist due to the way that Windows kernel-mode drivers manage kernel-mode driver objects. (CVE-2011-0662, CVE-2011-0665, CVE-2011-0666, CVE-2011-0667, CVE-2011-0670, CVE-2011-0671, CVE-2011-0672, CVE-2011-0674, CVE-2011-0675, CVE-2011-1234, CVE-2011-1235, CVE-2011-1236, CVE-2011-1237, CVE-2011-1238, CVE-2011-1239, CVE-2011-1240, CVE-2011-1241, CVE-2011-1242)

- Several NULL pointer de-reference vulnerabilities exist due to the way that Windows kernel-mode drivers manage pointers to kernel-mode driver objects. (CVE-2011-0673, CVE-2011-0676, CVE-2011-0677, CVE-2011-1225, CVE-2011-1226, CVE-2011-1227, CVE-2011-1228, CVE-2011-1229, CVE-2011-1230, CVE-2011-1231, CVE-2011-1232, CVE-2011-1233)

An attacker with local access to the affected system can exploit these issues to execute arbitrary code in kernel mode and take complete control of the affected system.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.0352
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID 47194
BID 47202
BID 47203
BID 47204
BID 47205
BID 47206
BID 47207
BID 47209
BID 47210
BID 47211
BID 47212
BID 47213
BID 47214
BID 47215
BID 47216
BID 47217
BID 47218
BID 47219
BID 47220
BID 47224
BID 47225
BID 47226
BID 47227
BID 47228
BID 47229
BID 47230
BID 47231
BID 47232
BID 47233
BID 47234
CVE CVE-2011-0662
CVE CVE-2011-0665
CVE CVE-2011-0666
CVE CVE-2011-0667
CVE CVE-2011-0670
CVE CVE-2011-0671
CVE CVE-2011-0672
CVE CVE-2011-0673
CVE CVE-2011-0674
CVE CVE-2011-0675
CVE CVE-2011-0676
CVE CVE-2011-0677
CVE CVE-2011-1225
CVE CVE-2011-1226
CVE CVE-2011-1227
CVE CVE-2011-1228
CVE CVE-2011-1229
CVE CVE-2011-1230
CVE CVE-2011-1231
CVE CVE-2011-1232
CVE CVE-2011-1233
CVE CVE-2011-1234
CVE CVE-2011-1235
CVE CVE-2011-1236
CVE CVE-2011-1237
CVE CVE-2011-1238
CVE CVE-2011-1239
CVE CVE-2011-1240
CVE CVE-2011-1241
CVE CVE-2011-1242
MSKB 2506223
XREF MSFT:MS11-034
Plugin Information
Published: 2011/04/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2506223
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17570
55118 - MS11-038: Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote host is running a version of Windows that is affected by a remote code execution vulnerability. An attacker can exploit this by causing a user to visit a website containing a specially crafted Windows Metafile (WMF) image. Exploitation could allow an attacker to execute arbitrary code with the user's credentials.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.3527
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 48174
CVE CVE-2011-0658
MSKB 2476490
XREF MSFT:MS11-038
Plugin Information
Published: 2011/06/15, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2476490
- C:\Windows\system32\Oleaut32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17567
55119 - MS11-039: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
Synopsis
The Microsoft .NET Framework and/or Microsoft Silverlight install on the remote host has a code execution vulnerability.
Description
The remote Windows host is running a version of the Microsoft .NET Framework and/or Microsoft Silverlight affected by a code execution vulnerability. A specially crafted .NET application could access memory unsafely, resulting in arbitrary code execution.
See Also
Solution
Microsoft has released a set of patches for .NET Framework 2.0, 3.5, and Silverlight.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.191
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 48212
CVE CVE-2011-0664
MSKB 2478656
MSKB 2478657
MSKB 2478658
MSKB 2478659
MSKB 2478660
MSKB 2478661
MSKB 2478662
MSKB 2478663
MSKB 2512827
XREF MSFT:MS11-039
Plugin Information
Published: 2011/06/15, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5442
55121 - MS11-041: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
Synopsis
The remote Windows kernel is affected by a remote code execution vulnerability.
Description
The remote host is running a version of the Windows kernel that is affected by a remote code execution vulnerability. An attacker can exploit this by causing a user to visit a network share containing a specially crafted OpenType font (OTF). The attacker can exploit this issue to execute arbitrary code in kernel mode and take complete control of the affected system.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
7.4
EPSS Score
0.2701
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:C)
References
BID 48183
CVE CVE-2011-1873
MSKB 2525694
XREF MSFT:MS11-041
Exploitable With
Core Impact (true)
Plugin Information
Published: 2011/06/15, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2525694
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17622
55123 - MS11-043: Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
Synopsis
Arbitrary code can be executed on the remote host through the installed SMB client.
Description
The version of the SMB client software installed on the remote Windows host has an unspecified code execution vulnerability. The client does not properly parse unspecified SMB responses. A remote, unauthenticated attacker could exploit this to execute arbitrary code.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.3512
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 48184
CVE CVE-2011-1268
MSKB 2536276
XREF MSFT:MS11-043
XREF IAVA:2011-A-0079-S
Plugin Information
Published: 2011/06/15, Modified: 2020/08/05
Plugin Output

tcp/445/cifs



KB : 2536276
- C:\Windows\system32\drivers\Mrxsmb.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17605
55124 - MS11-044: Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
Synopsis
The version of the .NET Framework installed on the remote host allows arbitrary code execution.
Description
The JIT compiler included with the version of the .NET Framework installed on the remote host incorrectly validates certain values within an object.

An attacker may be able to leverage this vulnerability to run arbitrary code as the logged-in user or the user account of ASP.NET on the affected system under any of the following scenarios :

- Tricking a user on the affected host into viewing a specially crafted web page using a web browser that can run XAML Browser Applications (XBAPs).

- Uploading a malicious ASP.NET application to be hosted on the affected host.

- Bypassing Code Access Security (CAS) restrictions in a Windows .NET application.
Solution
Microsoft has released a set of patches for the .NET Framework on Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.1642
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID 47834
CVE CVE-2011-1271
MSKB 2518863
MSKB 2518864
MSKB 2518865
MSKB 2518866
MSKB 2518867
MSKB 2518869
MSKB 2518870
MSKB 2530095
XREF MSFT:MS11-044
XREF IAVA:2011-A-0082-S
Plugin Information
Published: 2011/06/15, Modified: 2020/05/15
Plugin Output

tcp/445/cifs



KB : 2518869
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5446
55126 - MS11-046: Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
Synopsis
The remote Windows host contains a driver that allows privilege escalation.
Description
The remote Windows host contains a version of the Ancillary Function Driver (afd.sys) that does not properly validate input before passing it from user mode to the kernel.

An attacker with local access to the affected system could exploit this issue to execute arbitrary code in kernel mode and take complete control of the affected system.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.1908
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID 48198
CVE CVE-2011-1249
MSKB 2503665
XREF EDB-ID:18755
XREF MSFT:MS11-046
Exploitable With
Core Impact (true)
Plugin Information
Published: 2011/06/15, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2503665
- C:\Windows\system32\drivers\Afd.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17603
55128 - MS11-048: Vulnerability in SMB Server Could Allow Denial of Service (2536275)
Synopsis
The remote Windows host has a denial of service vulnerability.
Description
A vulnerability in the SMB service on the remote Windows host can reportedly be abused by a remote, unauthenticated attacker to cause the host to stop responding until manually restarted.
Solution
Microsoft has released a set of patches for Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.1
EPSS Score
0.4291
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
6.4 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
BID 48185
CVE CVE-2011-1267
MSKB 2536275
XREF MSFT:MS11-048
XREF IAVA:2011-A-0078-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2011/06/15, Modified: 2020/08/05
Plugin Output

tcp/445/cifs



KB : 2536275
- C:\Windows\system32\drivers\Srv2.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17608
55286 - MS11-048: Vulnerability in SMB Server Could Allow Denial of Service (2536275) (remote check)
Synopsis
The remote Windows host has a denial of service vulnerability.
Description
The remote host is affected by a vulnerability in the SMB service that can reportedly be abused by a remote, unauthenticated attacker to cause the host to stop responding until manually restarted.

This vulnerability depends on access to a Windows file share, but might not necessarily require credentials.
Solution
Microsoft has released a set of patches for Vista, 2008, 7, and 2008 R2.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
5.1
EPSS Score
0.4291
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
6.1 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 48185
CVE CVE-2011-1267
MSKB 2536275
XREF MSFT:MS11-048
XREF IAVA:2011-A-0078-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2011/06/21, Modified: 2026/01/07
Plugin Output

tcp/445/cifs

55130 - MS11-050: Cumulative Security Update for Internet Explorer (2530548)
Synopsis
Arbitrary code can be executed on the remote host through a web browser.
Description
The remote host is missing Internet Explorer (IE) Security Update 2497640.

The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
9.2
EPSS Score
0.8206
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 48199
BID 48200
BID 48201
BID 48202
BID 48203
BID 48204
BID 48206
BID 48207
BID 48208
BID 48210
BID 48211
CVE CVE-2011-1246
CVE CVE-2011-1250
CVE CVE-2011-1251
CVE CVE-2011-1252
CVE CVE-2011-1254
CVE CVE-2011-1255
CVE CVE-2011-1256
CVE CVE-2011-1258
CVE CVE-2011-1260
CVE CVE-2011-1261
CVE CVE-2011-1262
MSKB 2530548
XREF EDB-ID:17409
XREF MSFT:MS11-050
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2011/06/15, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2530548
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.17622
55570 - MS11-054: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
Synopsis
The remote Windows kernel is affected by multiple vulnerabilities.
Description
The remote host is running a version of the Windows kernel that is affected by the following vulnerabilities :

- Multiple privilege escalation vulnerabilities exist due to the way that Windows kernel-mode drivers manage driver objects. (CVE-2011-1874, CVE-2011-1875, CVE-2011-1876, CVE-2011-1877, CVE-2011-1878, CVE-2011-1879, CVE-2011-1880, CVE-2011-1881, CVE-2011-1882, CVE-2011-1883, CVE-2011-1884, CVE-2011-1885, CVE-2011-1887, CVE-2011-1888)

- An information disclosure vulnerability exists due to the way that Windows kernel-mode drivers validate function parameters. (CVE-2011-1886)
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.01
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID 48587
BID 48589
BID 48590
BID 48591
BID 48592
BID 48593
BID 48594
BID 48595
BID 48596
BID 48597
BID 48599
BID 48601
BID 48603
BID 48607
CVE CVE-2011-1874
CVE CVE-2011-1875
CVE CVE-2011-1876
CVE CVE-2011-1877
CVE CVE-2011-1878
CVE CVE-2011-1879
CVE CVE-2011-1880
CVE CVE-2011-1881
CVE CVE-2011-1882
CVE CVE-2011-1883
CVE CVE-2011-1884
CVE CVE-2011-1885
CVE CVE-2011-1886
CVE CVE-2011-1887
CVE CVE-2011-1888
MSKB 2555917
XREF MSFT:MS11-054
Exploitable With
CANVAS (true)
Plugin Information
Published: 2011/07/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2555917
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17630
55787 - MS11-057: Critical Cumulative Security Update for Internet Explorer (2559049)
Synopsis
Arbitrary code can be executed on the remote host through a web browser.
Description
The remote host is missing Internet Explorer (IE) Security Update 2559049.

The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.4304
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:C)
References
BID 46821
BID 47989
BID 48994
BID 49023
BID 49027
BID 49032
BID 49037
BID 49039
CVE CVE-2011-1257
CVE CVE-2011-1347
CVE CVE-2011-1960
CVE CVE-2011-1961
CVE CVE-2011-1962
CVE CVE-2011-1963
CVE CVE-2011-1964
CVE CVE-2011-2382
CVE CVE-2011-2383
MSKB 2559049
XREF MSFT:MS11-057
Exploitable With
Core Impact (true)
Plugin Information
Published: 2011/08/09, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2559049
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.17655
55793 - MS11-063: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Synopsis
The remote Windows host has a privilege escalation vulnerability.
Description
The Windows Client/Server Run-time Subsystem (CSRSS) on the remote host has a privilege escalation vulnerability. Permissions are not properly validated when a lower-integrity process communicates a device event to a higher-integrity process. A local attacker could exploit this vulnerability to gain elevated privileges.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0021
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 48992
CVE CVE-2011-1967
MSKB 2567680
XREF MSFT:MS11-063
Plugin Information
Published: 2011/08/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2567680
- C:\Windows\system32\Winsrv.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17641
55794 - MS11-064: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
Synopsis
The remote Windows host is susceptible to denial of service attacks.
Description
The TCP/IP stack in use on the remote Windows host is potentially affected by the following denial of service vulnerabilities :

- By sending a sequence of specially crafted ICMP messages, an unauthenticated, remote attacker could cause the affected host to stop responding and automatically reboot. (CVE-2011-1871)

- By sending a request with a specially crafted URL, an unauthenticated, remote attacker may be able to cause the affected host to stop responding and automatically reboot if it is serving web content and has URL-based QoS (Quality of Service) enabled. (CVE-2011-1965)
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
4.9
EPSS Score
0.6831
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
6.4 (CVSS2#E:F/RL:OF/RC:C)
References
BID 48987
BID 48990
CVE CVE-2011-1871
CVE CVE-2011-1965
MSKB 2563894
XREF EDB-ID:17981
XREF MSFT:MS11-064
Exploitable With
Core Impact (true)
Plugin Information
Published: 2011/08/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2563894
- C:\Windows\system32\drivers\tcpip.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17638
55798 - MS11-068: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
Synopsis
The Windows kernel is affected by a vulnerability that could result in a denial of service.
Description
The remote host is running a Windows kernel version that is affected by a denial of service vulnerability involving the code that handles parsing file metadata when browsing a folder.

A remote attacker could exploit this issue by tricking a user into opening a folder containing a specially crafted file, resulting in a denial of service.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
3.6
EPSS Score
0.0122
CVSS v2.0 Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 48997
CVE CVE-2011-1971
MSKB 2556532
XREF MSFT:MS11-068
XREF IAVB:2011-B-0104
Plugin Information
Published: 2011/08/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2556532
- C:\Windows\system32\Ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17640
56174 - MS11-071: Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
Synopsis
The remote Windows host is affected by a code execution vulnerability.
Description
The remote Windows host is affected by a code execution vulnerability.
By tricking a user into opening a legitimate rich text file (.rtf), text file (.txt), or Word document (.doc) that is in the same directory as a specially crafted library file, a remote, unauthenticated user could execute arbitrary code on the host subject to the privileges of the user running the affected component.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
7.4
EPSS Score
0.4053
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
BID 47741
CVE CVE-2011-1991
MSKB 2570947
XREF IAVA:2012-A-0002
XREF MSFT:MS11-071
Exploitable With
Core Impact (true)
Plugin Information
Published: 2011/09/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2570947
- C:\Windows\system32\IME\IMEJP10\Imjpapi.dll has not been patched.
Remote version : 10.1.7600.16385
Should be : 10.1.7601.17658
56449 - MS11-075: Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
Synopsis
The remote Windows host contains a component that could allow remote code execution.
Description
The remote Windows host contains a version of the Microsoft Active Accessibility component that fails to properly restrict the path used for loading external libraries.

If an attacker can trick a user into opening a file that resides in the same directory as a specially crafted DLL file, he can leverage this issue to execute arbitrary code in that DLL file subject to the user's privileges.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.2719
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 49976
CVE CVE-2011-1247
MSKB 2564958
XREF IAVA:2011-A-0138
XREF MSFT:MS11-075
Plugin Information
Published: 2011/10/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2564958
- C:\Windows\system32\Oleaut32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17676
56451 - MS11-077: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
Synopsis
The remote Windows kernel is affected by multiple vulnerabilities.
Description
The remote host is running a version of the Windows kernel that is affected by the following vulnerabilities :

- A NULL pointer dereference that could allow privilege escalation. (CVE-2011-1985)

- A DoS caused by processing a specially crafted TrueType font file. (CVE-2011-2002)

- A code execution vulnerability triggered by tricking a user into opening a specially crafted .fon font file. (CVE-2011-2003)

- A use after free vulnerability that could allow privilege escalation. (CVE-2011-2011)
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.494
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 49968
BID 49973
BID 49975
BID 49981
CVE CVE-2011-1985
CVE CVE-2011-2002
CVE CVE-2011-2003
CVE CVE-2011-2011
MSKB 2567053
XREF CERT:619281
XREF EDB-ID:17978
XREF EDB-ID:18024
XREF MSFT:MS11-077
Exploitable With
Core Impact (true)
Plugin Information
Published: 2011/10/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2567053
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17685
56452 - MS11-078: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
Synopsis
The version of the .NET Framework installed on the remote host allows arbitrary code execution.
Description
The remote Windows host is running a version of the Microsoft .NET Framework or Silverlight 4 that improperly restricts inheritance within classes. A remote attacker could exploit this issue by tricking a user into viewing a specially crafted web page, resulting in arbitrary code execution.
Solution
Microsoft has released a set of patches for the .NET Framework on Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.1589
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 49999
CVE CVE-2011-1253
MSKB 2512827
MSKB 2572067
MSKB 2572069
MSKB 2572073
MSKB 2572075
MSKB 2572076
MSKB 2572077
MSKB 2572078
XREF MSFT:MS11-078
Plugin Information
Published: 2011/10/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5448
56455 - MS11-081: Critical Cumulative Security Update for Internet Explorer (2586448)
Synopsis
Arbitrary code can be executed on the remote host through a web browser.
Description
The remote host is missing Internet Explorer (IE) Security Update 2586448.

The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.7824
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 49947
BID 49960
BID 49961
BID 49962
BID 49963
BID 49964
BID 49965
BID 49966
CVE CVE-2011-1993
CVE CVE-2011-1995
CVE CVE-2011-1996
CVE CVE-2011-1997
CVE CVE-2011-1998
CVE CVE-2011-1999
CVE CVE-2011-2000
CVE CVE-2011-2001
MSKB 2586448
XREF MSFT:MS11-081
Exploitable With
Metasploit (true)
Plugin Information
Published: 2011/10/11, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2586448
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.17699
56737 - MS11-084: Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)
Synopsis
The remote Windows host contains a component that is susceptible to a denial of service attack.
Description
The remote Windows host contains a flaw in the Windows kernel, which fails to properly validate array indexes when loading TrueType font files, making it vulnerable to a denial of service attack. An attacker can exploit this issue by placing a specially crafted TrueType font file on a network share or WebDAV location the victim is likely to visit.
Solution
Microsoft has released a set of patches for Windows 7 and 2008 R2.
Risk Factor
High
VPR Score
3.6
EPSS Score
0.4771
CVSS v2.0 Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 50510
CVE CVE-2011-2004
MSKB 2617657
XREF CERT:675073
XREF MSFT:MS11-084
Plugin Information
Published: 2011/11/08, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2617657
- C:\Windows\system32\win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17697
56738 - MS11-085: Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a flaw in Windows Mail and Windows Meeting Space related to the search path that is used when loading dynamic link library (DLL) files. This path may include directories that are not trusted or under user control. An unauthenticated, remote attacker can exploit this, by inserting a crafted Trojan horse DLL file into the search path, to execute arbitrary code with privileges of the user.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
7.4
EPSS Score
0.2719
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:C)
References
BID 50507
CVE CVE-2011-2016
MSKB 2620704
XREF MSFT:MS11-085
Exploitable With
Core Impact (true)
Plugin Information
Published: 2011/11/08, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2620704
None of the versions of 'wab32.dll' under C:\Windows\WinSxS
have been patched.
Fixed version : 6.1.7601.17699
57273 - MS11-087: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
Synopsis
The remote Windows kernel is affected by a remote code execution vulnerability.
Description
The remote host is running a version of the Windows kernel that is affected by a remote code execution vulnerability. Specially crafted TrueType fonts are not properly handled, which could allow arbitrary code execution in kernel mode. A remote attacker could exploit this vulnerability by tricking a user into viewing a specially crafted TrueType font (e.g., via web or email).

This vulnerability is reportedly being exploited in the wild by the Duqu malware.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.8922
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 50462
CVE CVE-2011-3402
MSKB 2639417
XREF CERT:316553
XREF MSFT:MS11-087
XREF CISA-KNOWN-EXPLOITED:2025/10/27
Exploitable With
Core Impact (true)
Plugin Information
Published: 2011/12/13, Modified: 2025/10/06
Plugin Output

tcp/445/cifs



KB : 2639417
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17730
57276 - MS11-090: Cumulative Security Update of ActiveX Kill Bits (2618451)
Synopsis
The remote Windows host is missing an update that disables selected ActiveX controls.
Description
The remote Windows host has one or more ActiveX controls installed that could be abused to execute arbitrary code remotely if a user can be tricked into viewing a malicious web page using Internet Explorer.

Three of these controls are from Microsoft itself while the others are from third-party vendors that have asked Microsoft to prevent their controls from being run in Internet Explorer.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
9.0
EPSS Score
0.8049
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 45631
BID 45645
BID 48680
BID 50970
BID 51011
CVE CVE-2011-2404
CVE CVE-2011-3397
MSKB 2618451
XREF MSFT:MS11-090
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2011/12/13, Modified: 2022/04/11
Plugin Output

tcp/445/cifs



The kill bit has not been set for the following control :

{33FDA1EA-80DF-11d2-B263-00A0C90D6111}

Note that Nessus did not check whether there were other kill bits
that have not been set because the "Perform thorough tests" setting
was not enabled when this scan was run.
57283 - MS11-097: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)
Synopsis
The remote Windows host has a privilege escalation vulnerability.
Description
The Windows Client/Server Run-time Subsystem (CSRSS) on the remote host has a privilege escalation vulnerability. Permissions are not properly validated when a lower-integrity process communicates a device event to a higher-integrity process. A local attacker could exploit this vulnerability to gain elevated privileges.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0024
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 50972
CVE CVE-2011-3408
MSKB 2620712
XREF MSFT:MS11-097
Plugin Information
Published: 2011/12/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2620712
- C:\Windows\system32\Csrsrv.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.17713
57285 - MS11-099: Cumulative Security Update for Internet Explorer (2618444)
Synopsis
Arbitrary code can be executed on the remote host through a web browser.
Description
The remote host is missing Internet Explorer (IE) Security Update 2618444.

The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.2969
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 50974
BID 50975
BID 50976
CVE CVE-2011-1992
CVE CVE-2011-2019
CVE CVE-2011-3404
MSKB 2618444
XREF MSFT:MS11-099
Plugin Information
Published: 2011/12/13, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2618444
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.17720
57414 - MS11-100: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
Synopsis
The version of ASP.NET Framework installed on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is running a version of the Microsoft ASP.NET Framework that has multiple vulnerabilities. These include:

- A flaw exists in the way ASP.NET generates hash tables for user-supplied values. By sending a small number of specially crafted posts to an ASP.NET server, an attacker can take advantage of this flaw to cause a denial of service condition. (CVE-2011-3414)

- The Framework does not properly validate return URLs during the forms authentication process, which could allow an attacker to redirect a victim to a malicious website. (CVE-2011-3415)

- ASP.NET forms authentication contains a vulnerability that could allow an attacker that already has a registered user on an application to gain the privileges of another known user. (CVE-2011-3416)

- An elevation of privilege vulnerability exists in the way that ASP.NET Framework handles cached content when Forms Authentication is used with sliding expiry. An attacker can take advantage of this vulnerability to execute code in the context of a target user by tricking the user into visiting a specially crafted link. (CVE-2011-3417)
Solution
Microsoft has released a set of patches for the .NET Framework on Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
7.2
EPSS Score
0.7197
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:C)
References
BID 51186
BID 51201
BID 51202
BID 51203
CVE CVE-2011-3414
CVE CVE-2011-3415
CVE CVE-2011-3416
CVE CVE-2011-3417
MSKB 2656351
MSKB 2656356
MSKB 2657424
MSKB 2656352
MSKB 2656362
MSKB 2656355
MSKB 2656358
MSKB 2656353
XREF CERT:903934
XREF MSFT:MS11-100
Exploitable With
Core Impact (true)
Plugin Information
Published: 2011/12/29, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.web.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5456
57469 - MS12-001: Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
Synopsis
The remote Windows host has a flaw in a security feature that is utilized by certain software applications.
Description
The remote Windows host has a bypass vulnerability in the SafeSEH security feature. This could allow an attacker to use other vulnerabilities to bypass the SafeSEH security feature and run arbitrary code on the remote host. Only software applications compiled using Microsoft Visual C++ .NET 2003 could be used to exploit this vulnerability.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.5119
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 51296
CVE CVE-2012-0001
MSKB 2644615
XREF MSFT:MS12-001
XREF IAVA:2012-A-0003
Plugin Information
Published: 2012/01/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2644615
- C:\Windows\system32\Ntdll.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17725
57472 - MS12-004: Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
Synopsis
Opening a specially crafted media file could result in arbitrary code execution.
Description
The version of Windows Media installed on the remote host is affected by one or both of the following vulnerabilities :

- The Winmm.dll library as used by Windows Media Player does not properly handle specially crafted MIDI files. (CVE-2012-0003)

- A DirectShow component of DirectX does not properly handle specially crafted media files. (CVE-2012-0004)

An attacker who tricked a user on the affected host into opening a specially crafted MIDI or media file could leverage these issues to execute arbitrary code in the context of the current user.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2 as well as Windows XP Media Center Edition 2005 and Windows Media Center TV Pack 2008.
Risk Factor
High
VPR Score
9.7
EPSS Score
0.8785
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 51292
BID 51295
CVE CVE-2012-0003
CVE CVE-2012-0004
MSKB 2598479
MSKB 2628259
MSKB 2628642
MSKB 2631813
XREF EDB-ID:18426
XREF MSFT:MS12-004
XREF IAVA:2012-A-0005
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2012/01/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2631813
- C:\Windows\system32\Quartz.dll has not been patched.
Remote version : 6.6.7601.17514
Should be : 6.6.7601.17713
57473 - MS12-005: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
Synopsis
Opening a specially crafted Microsoft Office file could result in arbitrary code execution.
Description
The remote Windows host does not include ClickOnce application file types in the Windows Packager unsafe file type list.

An attacker could leverage this issue to execute arbitrary code in the context of the current user on the affected host if he can trick the user into opening a Microsoft Office file with a malicious ClickOnce application embedded in it.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.8703
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 51284
CVE CVE-2012-0013
MSKB 2584146
XREF MSFT:MS12-005
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2012/01/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2584146
- C:\Windows\system32\Packager.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.17727
57942 - MS12-008: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)
Synopsis
The remote Windows kernel is affected by multiple remote code execution vulnerabilities.
Description
The remote host is running a version of the Windows kernel that is affected by multiple remote code execution vulnerabilities :

- Due to improper validation of input passed from user mode through the kernel component of GDI, an attacker can cause a denial of service condition or may be able to execute arbitrary code in kernel mode. (CVE-2011-5046)

- A flaw in the way the Windows kernel-mode drivers manage specific keyboard layouts could allow an attacker to run arbitrary code in kernel mode. (CVE-2012-0154)
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.7698
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 51122
BID 51920
CVE CVE-2011-5046
CVE CVE-2012-0154
MSKB 2660465
XREF EDB-ID:18275
XREF MSFT:MS12-008
Plugin Information
Published: 2012/02/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2660465
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17762
57943 - MS12-009: Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)
Synopsis
The remote Windows host contains a driver that allows privilege escalation.
Description
The remote Windows host contains a version of the Ancillary Function Driver (afd.sys), which has multiple flaws that prevent it from properly validating input before passing it from user mode to the kernel.

An attacker with local access to the affected system could exploit these issues to execute arbitrary code in kernel mode and take complete control of the affected system.
Solution
Microsoft has released a set of patches for Windows XP x64, 2003, Vista, 2008 SP2, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.016
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 51930
BID 51936
CVE CVE-2012-0148
CVE CVE-2012-0149
MSKB 2645640
XREF MSFT:MS12-009
Plugin Information
Published: 2012/02/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2645640
- C:\Windows\system32\drivers\Afd.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17752
57944 - MS12-010: Cumulative Security Update for Internet Explorer (2647516)
Synopsis
The remote host is affected by code execution and information disclosure vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2647516.

The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host as well as vulnerabilities that could allow the attacker to view privileged information.
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.5696
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 51931
BID 51932
BID 51933
BID 51935
CVE CVE-2012-0010
CVE CVE-2012-0011
CVE CVE-2012-0012
CVE CVE-2012-0155
MSKB 2647516
XREF MSFT:MS12-010
Plugin Information
Published: 2012/02/14, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2647516
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.17744
57946 - MS12-012: Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
Synopsis
Arbitrary code can be executed on the remote Windows host through Windows Color Control Panel.
Description
The remote host contains a version of Windows Color Control Panel that is affected by an insecure library loading vulnerability.

A remote attacker could exploit this by tricking a user into opening a .camp, .cdmp, .gmmp, .icc, or .icm file in a directory that also contains a malicious 'sti.dll' file, resulting in arbitrary code execution.
Solution
Microsoft has released a set of patches for Windows 2008 and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.4332
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 44157
CVE CVE-2010-5082
MSKB 2643719
XREF MSFT:MS12-012
XREF IAVB:2012-B-0020
Plugin Information
Published: 2012/02/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2643719
- C:\Windows\system32\Colorui.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.17745
57947 - MS12-013: Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)
Synopsis
Arbitrary code can be executed on the remote host through Microsoft's C run-time library.
Description
The remote host contains a version of Microsoft's C run-time library that is affected by a buffer overflow vulnerability.

An attacker who tricked a user on the affected host into opening a specially crafted media file could leverage this issue to execute arbitrary code in the context of the current user.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.5976
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 51913
CVE CVE-2012-0150
MSKB 2654428
XREF MSFT:MS12-013
XREF IAVA:2012-A-0026
Plugin Information
Published: 2012/02/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2654428
- C:\Windows\system32\Msvcrt.dll has not been patched.
Remote version : 7.0.7600.16385
Should be : 7.0.7601.17744
57950 - MS12-016: Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)
Synopsis
The .NET Framework install on the remote Windows host could allow arbitrary code execution.
Description
The version of the .NET Framework installed on the remote host reportedly is affected by the following vulnerabilities :

- The .NET Framework and Silverlight do not properly use unmanaged objects, which could allow a malicious .NET Framework application to access memory in an unsafe manner. (CVE-2012-0014)

- The .NET Framework does not properly calculate a buffer length when processing malicious input, which could lead to heap corruption. (CVE-2012-0015)

An attacker may be able to leverage these vulnerabilities to execute arbitrary code on the affected system if a user on it can be tricked into viewing a specially crafted web page using a web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications.
Solution
Microsoft has released a set of patches for .NET Framework 2.0, 3.5.1, and 4 as well as Silverlight 4.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.5628
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 51938
BID 51940
CVE CVE-2012-0014
CVE CVE-2012-0015
MSKB 2668562
MSKB 2633869
MSKB 2638804
MSKB 2633870
MSKB 2633873
MSKB 2633879
MSKB 2633877
MSKB 2633874
MSKB 2633880
XREF MSFT:MS12-016
Plugin Information
Published: 2012/02/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5453
58332 - MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
Synopsis
The remote Windows host could allow arbitrary code execution.
Description
An arbitrary remote code vulnerability exists in the implementation of the Remote Desktop Protocol (RDP) on the remote Windows host. The vulnerability is due to the way that RDP accesses an object in memory that has been improperly initialized or has been deleted.

If RDP has been enabled on the affected system, an unauthenticated, remote attacker could leverage this vulnerability to cause the system to execute arbitrary code by sending a sequence of specially crafted RDP packets to it.

Note that the Remote Desktop Protocol is not enabled by default.

This plugin also checks for a denial of service vulnerability in Microsoft Terminal Server.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
9.2
EPSS Score
0.8738
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 52353
BID 52354
CVE CVE-2012-0002
CVE CVE-2012-0152
MSKB 2621440
MSKB 2667402
XREF CERT:624051
XREF EDB-ID:18606
XREF IAVA:2012-A-0039
XREF MSFT:MS12-020
Exploitable With
CANVAS (true) Core Impact (true)
Plugin Information
Published: 2012/03/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2621440
- C:\Windows\system32\drivers\Rdpwd.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17779

58435 - MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387) (uncredentialed check)
Synopsis
The remote Windows host could allow arbitrary code execution.
Description
An arbitrary remote code vulnerability exists in the implementation of the Remote Desktop Protocol (RDP) on the remote Windows host. The vulnerability is due to the way that RDP accesses an object in memory that has been improperly initialized or has been deleted.

If RDP has been enabled on the affected system, an unauthenticated, remote attacker could leverage this vulnerability to cause the system to execute arbitrary code by sending a sequence of specially crafted RDP packets to it.

This plugin also checks for a denial of service vulnerability in Microsoft Terminal Server.

Note that this script does not detect the vulnerability if the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' setting is enabled or the security layer is set to 'SSL (TLS 1.0)' on the remote host.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.

Note that an extended support contract with Microsoft is required to obtain the patch for this vulnerability for Windows 2000.
Risk Factor
High
VPR Score
9.2
EPSS Score
0.8738
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 52353
BID 52354
CVE CVE-2012-0002
CVE CVE-2012-0152
MSKB 2621440
MSKB 2667402
XREF EDB-ID:18606
XREF MSFT:MS12-020
XREF IAVA:2012-A-0039
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2012/03/22, Modified: 2025/09/29
Plugin Output

tcp/3389/msrdp

58655 - MS12-023: Cumulative Security Update for Internet Explorer (2675157)
Synopsis
The remote host is affected by code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2675157.

The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.5845
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 52889
BID 52890
BID 52904
BID 52905
BID 52906
CVE CVE-2012-0168
CVE CVE-2012-0169
CVE CVE-2012-0170
CVE CVE-2012-0171
CVE CVE-2012-0172
MSKB 2675157
XREF MSFT:MS12-023
Plugin Information
Published: 2012/04/11, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2675157
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.17785
58656 - MS12-024: Vulnerability in Windows Could Allow Remote Code Execution (2653956)
Synopsis
The remote Windows host has a code execution vulnerability.
Description
The version of Windows running on the remote host has vulnerabilities in the Windows Authenticode Signature mechanism. Modifying an existing signed executable can result in arbitrary code execution.

A remote attacker could exploit this by tricking a user into executing or opening a maliciously crafted file.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.8901
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 52868
CVE CVE-2012-0151
MSKB 2653956
XREF IAVA:2012-A-0060
XREF MSFT:MS12-024
XREF CISA-KNOWN-EXPLOITED:2022/06/22
Plugin Information
Published: 2012/04/11, Modified: 2022/06/08
Plugin Output

tcp/445/cifs



KB : 2653956
- C:\Windows\system32\wintrust.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17787
58657 - MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605)
Synopsis
The .NET Framework install on the remote Windows host could allow arbitrary code execution.
Description
The version of the .NET Framework installed on the remote host reportedly is affected by a code execution vulnerability because of the way .NET Framework validates parameters when passing data to a function.

An attacker may be able to leverage these vulnerabilities to execute arbitrary code on the affected system if a user can be tricked into viewing a specially crafted web page using a web browser that can run XAML Browser Applications (XBAPs). The vulnerability could also be exploited by uploading a specially crafted ASP.NET page to a server system running IIS and then executing that page.
Solution
Microsoft has released a set of patches for .NET Framework 1.0, 1.1, 2.0, 3.5.1, and 4.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.558
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 52921
BID 53204
CVE CVE-2012-0163
MSKB 2656368
MSKB 2656369
MSKB 2656370
MSKB 2656372
MSKB 2656373
MSKB 2656374
MSKB 2656376
MSKB 2656378
XREF EDB-ID:18777
XREF MSFT:MS12-025
Plugin Information
Published: 2012/04/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.drawing.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5462
59042 - MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- A flaw exists in the Win32k TrueType font parsing engine that allows an unauthenticated, remote attacker to execute arbitrary code by convincing a user to open a Word document containing malicious font data. (CVE-2011-3402)

- A flaw exists in the t2embed.dll module when parsing TrueType fonts. An unauthenticated, remote attacker can exploit this, via a crafted TTF file, to execute arbitrary code. (CVE-2012-0159)

- A flaw exists in the .NET Framework due to a buffer allocation error when handling an XBAP or .NET application. An unauthenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code. (CVE-2012-0162)

- A flaw exists in the .NET Framework due to an error when comparing the value of an index in a WPF application. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2012-0164)

- A flaw exists in GDI+ when handling specially crafted EMF images that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2012-0165)

- A heap buffer overflow condition exists in Microsoft Office in the GDI+ library when handling EMF images embedded in an Office document. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to open a specially crafted document. (CVE-2012-0167)

- A double-free error exists in agcore.dll when rendering XAML strings containing Hebrew Unicode glyphs of certain values. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to visit a specially crafted web page. (CVE-2012-0176)

- A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages the functions related to Windows and Messages handling. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-0180)

- A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages Keyboard Layout files. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-0181)

- A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages scrollbar calculations. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-1848)
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2; Office 2003, 2007, and 2010; .NET Framework 3.0, 3.5.1, and 4.0; and Silverlight 4 and 5.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.8922
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 50462
BID 53324
BID 53326
BID 53327
BID 53335
BID 53347
BID 53351
BID 53358
BID 53360
BID 53363
CVE CVE-2011-3402
CVE CVE-2012-0159
CVE CVE-2012-0162
CVE CVE-2012-0164
CVE CVE-2012-0165
CVE CVE-2012-0167
CVE CVE-2012-0176
CVE CVE-2012-0180
CVE CVE-2012-0181
CVE CVE-2012-1848
MSKB 2589337
MSKB 2596672
MSKB 2596792
MSKB 2598253
MSKB 2636927
MSKB 2656405
MSKB 2656407
MSKB 2656409
MSKB 2656410
MSKB 2656411
MSKB 2658846
MSKB 2659262
MSKB 2660649
MSKB 2676562
MSKB 2686509
MSKB 2690729
XREF MSFT:MS12-034
XREF IAVA:2012-A-0079
XREF EDB-ID:18894
XREF ZDI:ZDI-12-131
XREF CISA-KNOWN-EXPLOITED:2025/10/27
Exploitable With
Core Impact (true)
Plugin Information
Published: 2012/05/09, Modified: 2025/10/06
Plugin Output

tcp/445/cifs



- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17803

KB : 2659262
None of the versions of 'GdiPlus.dll' under C:\Windows\WinSxS
have been patched.
Fixed version : 5.2.7600.17007

KB : 2658846
None of the versions of 'DWrite.dll' under C:\Windows\WinSxS
have been patched.
Fixed version : 6.1.7600.16972
59043 - MS12-035: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)
Synopsis
The .NET Framework install on the remote Windows host could allow arbitrary code execution.
Description
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities in the serialization process. Untrusted data is treated as trusted, which could result in arbitrary code execution.
Solution
Microsoft has released a set of patches for .NET Framework 1.0, 1.1, 2.0, 3.0, 3.5, and 4.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.5751
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 53356
BID 53357
CVE CVE-2012-0160
CVE CVE-2012-0161
MSKB 2604042
MSKB 2604044
MSKB 2604078
MSKB 2604092
MSKB 2604094
MSKB 2604105
MSKB 2604110
MSKB 2604111
MSKB 2604114
MSKB 2604115
MSKB 2604121
XREF MSFT:MS12-035
XREF IAVA:2012-A-0080-S
Plugin Information
Published: 2012/05/09, Modified: 2020/05/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5456
59454 - MS12-036: Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)
Synopsis
The remote Windows host could allow arbitrary code execution.
Description
An arbitrary remote code vulnerability exists in the implementation of the Remote Desktop Protocol (RDP) on the remote Windows host. The vulnerability is due to the way that RDP accesses an object in memory that has been improperly initialized or deleted.

If RDP has been enabled on the affected system, an unauthenticated, remote attacker could leverage this vulnerability to cause the system to execute arbitrary code by sending a sequence of specially crafted RDP packets to it.

Note that the Remote Desktop Protocol is not enabled by default.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
7.4
EPSS Score
0.5228
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
BID 53826
CVE CVE-2012-0173
MSKB 2685939
XREF MSFT:MS12-036
XREF IAVA:2012-A-0092
Exploitable With
Core Impact (true)
Plugin Information
Published: 2012/06/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2685939
- C:\Windows\system32\drivers\Rdpwd.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17830
59455 - MS12-037: Cumulative Security Update for Internet Explorer (2699988)
Synopsis
The remote host is affected by code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2699988.

The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
9.4
EPSS Score
0.8612
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 53841
BID 53842
BID 53843
BID 53844
BID 53845
BID 53847
BID 53848
BID 53866
BID 53867
BID 53868
BID 53869
BID 53870
BID 53871
CVE CVE-2012-1523
CVE CVE-2012-1858
CVE CVE-2012-1872
CVE CVE-2012-1873
CVE CVE-2012-1874
CVE CVE-2012-1875
CVE CVE-2012-1876
CVE CVE-2012-1877
CVE CVE-2012-1878
CVE CVE-2012-1879
CVE CVE-2012-1880
CVE CVE-2012-1881
CVE CVE-2012-1882
MSKB 2699988
XREF EDB-ID:19777
XREF EDB-ID:20174
XREF EDB-ID:24017
XREF EDB-ID:33944
XREF EDB-ID:35815
XREF MSFT:MS12-037
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2012/06/13, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2699988
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.17824
59456 - MS12-038: Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
Synopsis
The .NET Framework installed on the remote Windows host could allow arbitrary code execution.
Description
The version of the .NET Framework installed on the remote host is affected by a code execution vulnerability due to the improper execution of a function pointer.

A remote, unauthenticated attacker could execute arbitrary code on the remote host subject to the privileges of the user running the affected application.
Solution
Microsoft has released a set of patches for .NET Framework 2.0, 3.5, and 4.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.5026
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 53861
CVE CVE-2012-1855
MSKB 2686828
MSKB 2686827
MSKB 2686830
MSKB 2686831
MSKB 2686833
XREF MSFT:MS12-038
Plugin Information
Published: 2012/06/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5460
59459 - MS12-041: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
Synopsis
The remote Windows host is affected by multiple privilege escalation vulnerabilities.
Description
The remote Windows host is affected by several vulnerabilities in the Kernel-Mode drivers that could allow elevation of privilege :

- Flaws in the way the Windows kernel-mode drivers manage driver objects could be exploited to execute arbitrary code in kernel mode. (CVE-2012-1864, CVE-2012-1865, CVE-2012-1866)

- Windows kernel-mode drivers do not properly allocate memory when handling fonts, which could be exploited to execute arbitrary code in kernel mode. (CVE-2012-1867)

- A race condition exists in the way that the kernel deals with specific thread creation attempts. This could be exploited to execute arbitrary code in kernel mode. (CVE-2012-1868)
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.0135
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID 53815
BID 53816
BID 53817
BID 53819
BID 53820
CVE CVE-2012-1864
CVE CVE-2012-1865
CVE CVE-2012-1866
CVE CVE-2012-1867
CVE CVE-2012-1868
MSKB 2709162
XREF MSFT:MS12-041
Exploitable With
Core Impact (true)
Plugin Information
Published: 2012/06/13, Modified: 2019/12/04
Plugin Output

tcp/445/cifs



KB : 2709162
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17842
59460 - MS12-042: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
Synopsis
The Windows kernel is affected by multiple elevation of privilege vulnerabilities.
Description
The remote host is running a Windows kernel version that is affected by multiple elevation of privilege vulnerabilities :

- A vulnerability exists in the way that the Windows User Mode Scheduler handles system requests that can be exploited to execute arbitrary code in kernel mode. (CVE-2012-0217)

- A vulnerability exists in the way that Windows handles BIOS memory that can be exploited to execute arbitrary code in kernel mode. (CVE-2012-1515)
Solution
Microsoft has released a set of patches for 32-bit versions of Windows XP and 2003 as well as patches for 64-bit versions of Windows 7 and Server 2008 R2.
Risk Factor
High
VPR Score
8.8
EPSS Score
0.88
CVSS v2.0 Base Score
8.3 (CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.2 (CVSS2#E:H/RL:OF/RC:C)
References
BID 52820
BID 53856
CVE CVE-2012-0217
CVE CVE-2012-1515
MSKB 2707511
MSKB 2709715
XREF EDB-ID:20861
XREF MSFT:MS12-042
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2012/06/13, Modified: 2019/12/04
Plugin Output

tcp/445/cifs



KB : 2709715
- C:\Windows\system32\Ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17835
59906 - MS12-043: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)
Synopsis
Arbitrary code can be executed on the remote host through Microsoft XML Core Services.
Description
The version of Microsoft XML Core Services installed on the remote Windows host is affected by a remote code execution vulnerability that could allow arbitrary code execution if a user views a specially crafted web page using Internet Explorer.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
9.7
EPSS Score
0.9278
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 53934
CVE CVE-2012-1889
MSKB 2719985
MSKB 2721691
MSKB 2721693
MSKB 2687324
MSKB 2596856
MSKB 2596679
MSKB 2687497
MSKB 2687627
XREF MSFT:MS12-043
XREF CISA-KNOWN-EXPLOITED:2022/06/22
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2012/07/11, Modified: 2022/06/08
Plugin Output

tcp/445/cifs



KB : 2719985
- C:\Windows\System32\Msxml3.dll has not been patched.
Remote version : 8.110.7601.17514
Should be : 8.110.7601.17857

KB : 2719985
- C:\Windows\System32\Msxml6.dll has not been patched.
Remote version : 6.30.7601.17514
Should be : 6.30.7601.17857
59908 - MS12-045: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)
Synopsis
Arbitrary code can be executed on the remote host through Microsoft Data Access Components.
Description
The version of Microsoft Data Access Components (MDAC) installed on the remote Windows host is affected by a remote code execution vulnerability that could allow arbitrary code execution if a user views a specially crafted web page.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.5898
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 54308
CVE CVE-2012-1891
MSKB 2698365
XREF MSFT:MS12-045
XREF IAVA:2012-A-0107
Plugin Information
Published: 2012/07/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2698365
- C:\Program Files\Common Files\system\ado\Msado15.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17857
59910 - MS12-047: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)
Synopsis
The remote Windows host is affected by multiple privilege escalation vulnerabilities.
Description
The remote Windows host is affected by several vulnerabilities in the kernel-mode drivers that could allow elevation of privilege :

- Flaws in the way the Windows kernel-mode drivers handle specific keyboard layouts could be exploited to execute arbitrary code in kernel mode. (CVE-2012-1890)

- Windows kernel-mode drivers do not properly validate parameters when creating a hook procedure, which could be exploited to execute arbitrary code in kernel mode. (CVE-2012-1893)
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
7.4
EPSS Score
0.0039
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
References
BID 54285
BID 54302
CVE CVE-2012-1890
CVE CVE-2012-1893
MSKB 2718523
XREF MSFT:MS12-047
Exploitable With
Core Impact (true)
Plugin Information
Published: 2012/07/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2718523
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17860
59911 - MS12-048: Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
A remote code execution vulnerability exists in the way Windows handles file and directory names.

By tricking a user into opening a file or directory with a specially crafted name, an attacker could exploit this vulnerability to execute arbitrary code on the remote host subject to the privileges of the user.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.4676
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 54307
CVE CVE-2012-0175
MSKB 2691442
XREF MSFT:MS12-048
XREF IAVA:2012-A-0110
Plugin Information
Published: 2012/07/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2691442
- C:\Windows\system32\Shell32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17859
61527 - MS12-052: Cumulative Security Update for Internet Explorer (2722913)
Synopsis
The remote host is affected by code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2722913.

The installed version of IE is affected by vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.6466
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 54945
BID 54950
BID 54951
BID 54952
CVE CVE-2012-1526
CVE CVE-2012-2521
CVE CVE-2012-2522
CVE CVE-2012-2523
MSKB 2722913
XREF MSFT:MS12-052
XREF IAVA:2012-A-0130
Plugin Information
Published: 2012/08/15, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2722913
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.17874
61530 - MS12-055: Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2731847)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability in the kernel-mode drivers due to a use-after-free error.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0096
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 54873
CVE CVE-2012-2527
MSKB 2731847
XREF MSFT:MS12-055
Plugin Information
Published: 2012/08/15, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2731847
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17904
61531 - MS12-056: Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2706045)
Synopsis
Arbitrary code can be executed on the remote host through the installed JScript and VBScript scripting engines.
Description
The installed versions of the JScript and VBScript scripting engines contain an integer overflow vulnerability that can occur when the scripting engines process a script in a web page and attempt to calculate the size of an object in memory during a copy operation.

By tricking a user on the affected system into visiting a malicious web site, an attacker may be able to exploit this issue to execute arbitrary code subject to the user's privileges.
See Also
Solution
Microsoft has released a set of patches for 64-bit editions of Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.6466
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 54945
CVE CVE-2012-2523
MSKB 2706045
XREF MSFT:MS12-056
XREF IAVA:2012-A-0130
Plugin Information
Published: 2012/08/15, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2706045
- C:\Windows\system32\Jscript.dll has not been patched.
Remote version : 5.8.7601.17514
Should be : 5.8.7601.17866
62223 - MS12-063: Cumulative Security Update for Internet Explorer (2744842)
Synopsis
The remote host is affected by code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2744842.

The installed version of IE is affected by vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
9.4
EPSS Score
0.9184
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 55562
BID 55641
BID 55645
BID 55646
BID 55647
CVE CVE-2012-1529
CVE CVE-2012-2546
CVE CVE-2012-2548
CVE CVE-2012-2557
CVE CVE-2012-4969
MSKB 2744842
XREF CERT:480095
XREF MSFT:MS12-063
XREF CISA-KNOWN-EXPLOITED:2022/06/22
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2012/09/21, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2744842
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.17940
62463 - MS12-068: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)
Synopsis
The Windows kernel is affected by a vulnerability that could result in privilege escalation.
Description
The remote host is running a Windows kernel version that is affected by an integer overflow vulnerability. A local attacker could exploit this to execute arbitrary code with elevated privileges.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0042
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 55793
CVE CVE-2012-2529
MSKB 2724197
XREF MSFT:MS12-068
Plugin Information
Published: 2012/10/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2724197
- C:\Windows\system32\Ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17944
62906 - MS12-074: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)
Synopsis
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is running a version of Microsoft .NET Framework that is affected by multiple vulnerabilities :

- The way .NET Framework validates the permissions of certain objects during reflection is flawed and could be exploited by an attacker to gain complete control of an affected system. (CVE-2012-1895)

- An information disclosure vulnerability exists in .NET due to the improper sanitization of output when a function is called from partially trusted code, which may allow an attacker to obtain confidential information. (CVE-2012-1896)

- A flaw exists in the way .NET handles DLL files that can be exploited by an attacker to execute arbitrary code. (CVE-2012-2519)

- A remote code execution vulnerability exists in the way the .NET Framework retrieves the default web proxy settings. (CVE-2012-4776)

- A flaw in the way .NET validates permissions for objects involved with reflection could be exploited by an attacker to gain complete control of an affected system. (CVE-2012-4777)
See Also
Solution
Microsoft has released a set of patches for the .NET Framework on Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.4869
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 56455
BID 56456
BID 56462
BID 56463
BID 56464
CVE CVE-2012-1895
CVE CVE-2012-1896
CVE CVE-2012-2519
CVE CVE-2012-4776
CVE CVE-2012-4777
MSKB 2698023
MSKB 2698032
MSKB 2729449
MSKB 2729450
MSKB 2729451
MSKB 2729452
MSKB 2729453
MSKB 2729456
MSKB 2729460
MSKB 2729462
MSKB 2737019
MSKB 2737081
MSKB 2737083
MSKB 2737084
XREF MSFT:MS12-074
XREF IAVA:2012-A-0184-S
Plugin Information
Published: 2012/11/14, Modified: 2020/05/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5466
63224 - MS12-077: Cumulative Security Update for Internet Explorer (2761465)
Synopsis
The remote host is affected by code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2761465.

The installed version of IE is affected by vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8 and 2012.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.5145
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 56828
BID 56829
BID 56830
CVE CVE-2012-4781
CVE CVE-2012-4782
CVE CVE-2012-4787
MSKB 2761465
XREF MSFT:MS12-077
Plugin Information
Published: 2012/12/11, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2761465
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.17998
63228 - MS12-081: Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
Synopsis
The remote Windows host has a remote code execution vulnerability.
Description
The remote host is affected by a remote code execution vulnerability that could be exploited if a user browses to a folder containing a file or subfolder with a specially crafted name. When exploiting this vulnerability, an attacker could gain the same user permissions as the current user.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.6008
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 56443
CVE CVE-2012-4774
MSKB 2758857
XREF MSFT:MS12-081
XREF IAVA:2012-A-0196
Plugin Information
Published: 2012/12/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2758857
- C:\Windows\system32\kernel32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17965
63229 - MS12-082: Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
Synopsis
The remote Windows host could allow arbitrary code execution.
Description
The version of Windows on the remote host is affected by a heap overflow vulnerability in DirectPlay that could allow an attacker to execute arbitrary code on the system. Successful exploitation requires that an attacker convince a user to view a specially crafted Office document with embedded content.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.6219
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 56839
CVE CVE-2012-1537
MSKB 2770660
XREF MSFT:MS12-082
XREF IAVB:2012-B-0124
Plugin Information
Published: 2012/12/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2770660
- C:\Windows\system32\Dpnet.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.17989
63420 - MS13-002: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)
Synopsis
Arbitrary code can be executed on the remote host through Microsoft XML Core Services.
Description
The version of Microsoft XML Core Services installed on the remote Windows host is affected by multiple code execution vulnerabilities when visiting a specially crafted web page using Internet Explorer.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, Office 2003, 2007, Word Viewer, Office Compatibility Pack, Expression Web Service, Expression Web 2, SharePoint Server 2007 and Groove Server 2007.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.6508
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 57116
BID 57122
CVE CVE-2013-0006
CVE CVE-2013-0007
MSKB 2687497
MSKB 2687499
MSKB 2757638
MSKB 2758694
MSKB 2758696
MSKB 2760574
XREF MSFT:MS13-002
XREF IAVA:2013-A-0004
Plugin Information
Published: 2013/01/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2757638
- C:\Windows\SysWOW64\Msxml3.dll has not been patched.
Remote version : 8.110.7601.17514
Should be : 8.110.7601.17988

KB : 2757638
- C:\Windows\SysWOW64\Msxml6.dll has not been patched.
Remote version : 6.30.7601.17514
Should be : 6.30.7601.17988

KB : 2757638
- C:\Windows\System32\Msxml3.dll has not been patched.
Remote version : 8.110.7601.17514
Should be : 8.110.7601.17988

KB : 2757638
- C:\Windows\System32\Msxml6.dll has not been patched.
Remote version : 6.30.7601.17514
Should be : 6.30.7601.17988
63422 - MS13-004: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324)
Synopsis
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is running a version of Microsoft .NET Framework that is affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the way the Windows Forms in .NET Framework handle pointers to unmanaged memory locations. (CVE-2013-0001)

- A buffer overflow vulnerability in a Windows Form method in the .NET Framework exists that could be exploited to gain elevated privileges. (CVE-2013-0002)

- A method in the S.DS.P namespace of the .NET Framework is affected by a buffer overflow vulnerability which could be exploited to gain elevated privileges. (CVE-2013-0003)

- The way the .NET Framework validates permissions of certain objects in memory has a flaw that could be exploited to gain elevated privileges. (CVE-2013-0004)
See Also
Solution
Microsoft has released a set of patches for the .NET Framework on Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.6132
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 57113
BID 57114
BID 57124
BID 57126
CVE CVE-2013-0001
CVE CVE-2013-0002
CVE CVE-2013-0003
CVE CVE-2013-0004
MSKB 2742595
MSKB 2742596
MSKB 2742597
MSKB 2742598
MSKB 2742599
MSKB 2742601
MSKB 2742604
MSKB 2742613
MSKB 2742614
MSKB 2742616
MSKB 2756918
MSKB 2756919
MSKB 2756920
MSKB 2756921
MSKB 2756923
XREF MSFT:MS13-004
XREF IAVA:2013-A-0006-S
Plugin Information
Published: 2013/01/09, Modified: 2020/05/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5467
63423 - MS13-005: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930)
Synopsis
The Windows kernel on the remote host is affected by a privilege escalation vulnerability.
Description
The remote host contains a flaw in the way the Windows kernel handles window broadcast messages. Successful exploitation could allow an attacker to take complete control of an affected system.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
8.4
EPSS Score
0.1496
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
References
BID 57135
CVE CVE-2013-0008
MSKB 2778930
XREF EDB-ID:24485
XREF MSFT:MS13-005
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2013/01/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2778930
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18010
63522 - MS13-008: Security Update for Internet Explorer (2799329)
Synopsis
The remote host is affected by a code execution vulnerability.
Description
The remote host is missing Internet Explorer (IE) Security Update 2799329.

The installed version of IE is affected by a vulnerability that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
9.4
EPSS Score
0.9183
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 57070
CVE CVE-2012-4792
MSKB 2799329
XREF CERT:154201
XREF EDB-ID:23754
XREF MSFT:MS13-008
XREF CISA-KNOWN-EXPLOITED:2024/08/13
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2013/01/14, Modified: 2024/07/23
Plugin Output

tcp/445/cifs



KB : 2799329
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18021
64570 - MS13-009: Security Update for Internet Explorer (2792100)
Synopsis
The remote host is affected by multiple code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2792100.

The installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
9.4
EPSS Score
0.8605
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 57822
BID 57823
BID 57824
BID 57825
BID 57826
BID 57827
BID 57828
BID 57829
BID 57830
BID 57831
BID 57832
BID 57833
BID 57834
CVE CVE-2013-0015
CVE CVE-2013-0018
CVE CVE-2013-0019
CVE CVE-2013-0020
CVE CVE-2013-0021
CVE CVE-2013-0022
CVE CVE-2013-0023
CVE CVE-2013-0024
CVE CVE-2013-0025
CVE CVE-2013-0026
CVE CVE-2013-0027
CVE CVE-2013-0028
CVE CVE-2013-0029
MSKB 2792100
XREF EDB-ID:24495
XREF EDB-ID:24538
XREF MSFT:MS13-009
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2013/02/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2792100
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18035
64578 - MS13-017: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494)
Synopsis
The Windows kernel on the remote host is affected by multiple vulnerabilities.
Description
The Windows kernel on the remote host has the following vulnerabilities :

- Multiple race condition vulnerabilities exist. (CVE-2013-1278, CVE-2013-1279)

- A reference count vulnerability exists. (CVE-2013-1280)

A local attacker could exploit any of these vulnerabilities to elevate privileges.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.008
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 57854
BID 57855
BID 57856
CVE CVE-2013-1278
CVE CVE-2013-1279
CVE CVE-2013-1280
MSKB 2799494
XREF MSFT:MS13-017
Plugin Information
Published: 2013/02/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2799494
- C:\Windows\system32\Ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18044
64579 - MS13-018: Vulnerability in TCP/IP Could Allow Denial of Service (2790655)
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a denial of service vulnerability due to the Windows TCP/IP stack improperly handling a connection termination sequence. An attacker could use a specially crafted packet to exploit this vulnerability and cause a target system to stop responding and restart.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
3.6
EPSS Score
0.8153
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
References
BID 57858
CVE CVE-2013-0075
MSKB 2790655
XREF MSFT:MS13-018
Plugin Information
Published: 2013/02/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2790655
- C:\Windows\system32\drivers\tcpip.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18042
64580 - MS13-019: Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113)
Synopsis
The remote Windows host has a privilege escalation vulnerability.
Description
The Windows Client/Server Run-time Subsystem (CSRSS) on the remote host has a privilege escalation vulnerability. Permissions are not properly validated when a lower-integrity process communicates a device event to a higher-integrity process. A local attacker could exploit this vulnerability to gain elevated privileges.
See Also
Solution
Microsoft has released a set of patches for Windows 7 and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.008
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 57821
CVE CVE-2013-0076
MSKB 2790113
XREF MSFT:MS13-019
Plugin Information
Published: 2013/02/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2790113
- C:\Windows\system32\Winsrv.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18043
65210 - MS13-021: Security Update for Internet Explorer (2809289)
Synopsis
The remote host is affected by multiple code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2809289.

The installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.5911
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 58341
BID 58342
BID 58343
BID 58344
BID 58345
BID 58346
BID 58347
BID 58348
BID 58437
CVE CVE-2013-0087
CVE CVE-2013-0088
CVE CVE-2013-0089
CVE CVE-2013-0090
CVE CVE-2013-0091
CVE CVE-2013-0092
CVE CVE-2013-0093
CVE CVE-2013-0094
CVE CVE-2013-1288
MSKB 2809289
XREF MSFT:MS13-021
Plugin Information
Published: 2013/03/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2809289
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18094
65215 - MS13-027: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)
Synopsis
The Windows kernel on the remote host is affected by a privilege escalation vulnerability.
Description
The remote host contains a flaw when Windows USB drivers improperly handle objects in memory. An attacker could exploit this issue to run arbitrary code in kernel mode to gain elevated privileges.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0052
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 58359
BID 58360
BID 58361
CVE CVE-2013-1285
CVE CVE-2013-1286
CVE CVE-2013-1287
MSKB 2807986
XREF MSFT:MS13-027
XREF IAVA:2013-A-0063
Plugin Information
Published: 2013/03/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2807986
- C:\Windows\system32\drivers\Usb8023.sys has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.18076
65875 - MS13-028: Security Update for Internet Explorer (2817183)
Synopsis
The remote host is affected by multiple code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2817183.

The installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.3683
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 58850
BID 58851
BID 59633
CVE CVE-2013-1303
CVE CVE-2013-1304
CVE CVE-2013-1338
MSKB 2817183
XREF MSFT:MS13-028
Plugin Information
Published: 2013/04/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2817183
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18106
65876 - MS13-029: Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)
Synopsis
It is possible to execute arbitrary code on the remote host through the Remote Desktop ActiveX control.
Description
The remote host contains a version of the Remote Desktop ActiveX control that is affected by a remote code execution vulnerability when attempting to access an object in memory that has been deleted.

If an attacker can trick a user on the affected system into opening a specially crafted webpage, this issue could be leveraged to execute arbitrary code subject to the user's privileges.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 7, 2008, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.5398
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 58874
CVE CVE-2013-1296
MSKB 2813345
MSKB 2813347
XREF MSFT:MS13-029
Plugin Information
Published: 2013/04/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2813347
- C:\Windows\system32\Mstscax.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18079
66412 - MS13-037: Cumulative Security Update for Internet Explorer (2829530)
Synopsis
The remote host is affected by multiple code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2829530.

The installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
9.5
EPSS Score
0.9199
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 58570
BID 59734
BID 59737
BID 59745
BID 59746
BID 59747
BID 59748
BID 59751
BID 59752
BID 59753
BID 59754
CVE CVE-2013-0811
CVE CVE-2013-1297
CVE CVE-2013-1306
CVE CVE-2013-1307
CVE CVE-2013-1308
CVE CVE-2013-1309
CVE CVE-2013-1310
CVE CVE-2013-1311
CVE CVE-2013-1312
CVE CVE-2013-2551
CVE CVE-2013-3140
MSKB 2829530
XREF MSFT:MS13-037
XREF CISA-KNOWN-EXPLOITED:2022/04/18
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2013/05/15, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2829530
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18126
66413 - MS13-038: Security Update for Internet Explorer (2847204)
Synopsis
The remote host is affected by a code execution vulnerability.
Description
The remote host is missing Internet Explorer (IE) Security Update 2847204.

The installed version of IE is affected by a use-after-free vulnerability that could allow an attacker to execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, and 8.
Risk Factor
High
VPR Score
9.5
EPSS Score
0.8692
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 59641
CVE CVE-2013-1347
MSKB 2847204
XREF CERT:237655
XREF EDB-ID:25294
XREF MSFT:MS13-038
XREF CISA-KNOWN-EXPLOITED:2022/03/24
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2013/05/15, Modified: 2022/03/08
Plugin Output

tcp/445/cifs



KB : 2847204
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18129
66415 - MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)
Synopsis
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities :

- A spoofing vulnerability exists that could allow an attacker to modify the contents of an XML file without invalidating the signature associated with the file. (CVE-2013-1336)

- An authentication bypass vulnerability exists because of the way the Microsoft .NET framework improperly creates policy requirements for authentication when setting up WCF endpoint authentication. A remote attacker who exploited this vulnerability may be able to steal information or take actions in the context of an authenticated user. (CVE-2013-1337)
See Also
Solution
Microsoft has released a set of patches for .NET Framework 2.0 SP2, 3.5.1, 4.0, and 4.5.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.6024
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
BID 59789
BID 59790
CVE CVE-2013-1336
CVE CVE-2013-1337
MSKB 2804576
MSKB 2804577
MSKB 2804579
MSKB 2804580
MSKB 2804582
MSKB 2804583
MSKB 2804584
XREF MSFT:MS13-040
Plugin Information
Published: 2013/05/15, Modified: 2019/11/27
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5469
66422 - MS13-046: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2840221)
Synopsis
The Windows kernel on the remote host is affected by multiple vulnerabilities.
Description
The Windows kernel on the remote host has the following vulnerabilities :

- A privilege escalation vulnerability exists in the Microsoft DirectX graphics kernel subsystem. (CVE-2013-1332)

- A privilege escalation vulnerability exists in the Windows kernel-mode driver. (CVE-2013-1333, CVE-2013-1334)

A local attacker could exploit any of these vulnerabilities to elevate privileges.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.0132
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID 59749
BID 59750
BID 59782
CVE CVE-2013-1332
CVE CVE-2013-1333
CVE CVE-2013-1334
MSKB 2829361
MSKB 2830290
XREF MSFT:MS13-046
Exploitable With
Core Impact (true)
Plugin Information
Published: 2013/05/15, Modified: 2019/11/27
Plugin Output

tcp/445/cifs



KB : 2829361
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18126

KB : 2830290
- C:\Windows\system32\drivers\Dxgkrnl.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18126
66863 - MS13-047: Cumulative Security Update for Internet Explorer (2838727)
Synopsis
The remote host is affected by multiple code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2838727.

The installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.4104
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 60374
BID 60376
BID 60377
BID 60378
BID 60379
BID 60380
BID 60381
BID 60382
BID 60383
BID 60384
BID 60385
BID 60386
BID 60387
BID 60388
BID 60389
BID 60390
BID 60391
BID 60392
BID 60393
CVE CVE-2013-3110
CVE CVE-2013-3111
CVE CVE-2013-3112
CVE CVE-2013-3113
CVE CVE-2013-3114
CVE CVE-2013-3116
CVE CVE-2013-3117
CVE CVE-2013-3118
CVE CVE-2013-3119
CVE CVE-2013-3120
CVE CVE-2013-3121
CVE CVE-2013-3122
CVE CVE-2013-3123
CVE CVE-2013-3124
CVE CVE-2013-3125
CVE CVE-2013-3126
CVE CVE-2013-3139
CVE CVE-2013-3141
CVE CVE-2013-3142
MSKB 2838727
XREF MSFT:MS13-047
Plugin Information
Published: 2013/06/11, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2838727
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18156
66865 - MS13-049: Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a denial of service vulnerability due to the Windows TCP/IP stack improperly handling packets during TCP connections. An attacker could use a specially crafted packet to exploit this vulnerability and cause a target system to stop responding and restart.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
3.6
EPSS Score
0.8835
CVSS v2.0 Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 60358
CVE CVE-2013-3138
MSKB 2845690
XREF MSFT:MS13-049
Plugin Information
Published: 2013/06/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2845690
- C:\Windows\system32\drivers\tcpip.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18148
66866 - MS13-050: Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894)
Synopsis
The remote Windows host is potentially affected by a privilege escalation vulnerability.
Description
The remote Windows host is potentially affected by a vulnerability that could allow elevation of privilege when an authenticated attacker deletes a printer connection. An attacker who is able to successfully exploit the vulnerability could run arbitrary code on a user's system with system privileges. In order to exploit this issue, an attacker must have valid login credentials.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.1929
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 60407
CVE CVE-2013-1339
MSKB 2839894
XREF MSFT:MS13-050
XREF IAVA:2013-A-0120
Plugin Information
Published: 2013/06/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2839894
- C:\Windows\system32\win32spl.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18142
67209 - MS13-052: Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)
Synopsis
The .NET Framework install on the remote Windows host could allow arbitrary code execution.
Description
The version of the .NET Framework installed on the remote host is reportedly affected by the following vulnerabilities :

- A vulnerability exists in the way that affected components handle specially crafted TrueType font files that could lead to remote code execution. An attacker could leverage this issue by enticing a user to open a specially crafted TrueType font file. (CVE-2013-3129)

- The .NET Framework does not properly handle multidimensional arrays of small structures, which could lead to remote code execution. (CVE-2013-3131)

- The .NET Framework does not properly validate the permissions of certain objects performing reflection. This could allow an attacker to elevate their privileges and take complete control of the system. (CVE-2013-3132)

- The .NET Framework does not properly validate the permissions of objects involved with reflection, which could lead to an elevation of privileges. (CVE-2013-3133)

- The .NET Framework is affected by a remote code execution vulnerability due to the way in which it allocates arrays of small structures. (CVE-2013-3134)

- The .NET Framework does not properly validate the permissions for delegate objects during serialization, which could lead to an elevation of privileges. (CVE-2013-3171)

- Microsoft Silverlight does not properly handle null pointers, which could lead to remote code execution. (CVE-2013-3178)

An attacker may be able to leverage these vulnerabilities to execute arbitrary code on the affected system if a user can be tricked into viewing a specially crafted web page using a web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications.
See Also
Solution
Microsoft has released a set of patches for .NET Framework 1.0, 1.1, 2.0, 3.0, 3.5, 3.5.1, 4.0, and 4.5 as well as Silverlight 5.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.5895
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 60932
BID 60933
BID 60934
BID 60935
BID 60937
BID 60938
BID 60978
CVE CVE-2013-3129
CVE CVE-2013-3131
CVE CVE-2013-3132
CVE CVE-2013-3133
CVE CVE-2013-3134
CVE CVE-2013-3171
CVE CVE-2013-3178
MSKB 2833941
MSKB 2833940
MSKB 2844285
MSKB 2832411
MSKB 2840629
MSKB 2832407
MSKB 2835393
MSKB 2840628
MSKB 2833949
MSKB 2833947
MSKB 2844287
MSKB 2832412
MSKB 2835622
MSKB 2833957
MSKB 2840642
MSKB 2832414
MSKB 2833946
MSKB 2840631
MSKB 2844286
MSKB 2832418
MSKB 2833959
MSKB 2840633
MSKB 2844289
MSKB 2833958
MSKB 2840632
MSKB 2847559
XREF MSFT:MS13-052
XREF IAVB:2013-B-0071
Plugin Information
Published: 2013/07/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.xml.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5476

- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5472
67210 - MS13-053: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (2850851)
Synopsis
The Windows kernel on the remote host is affected by multiple vulnerabilities.
Description
The Windows kernel on the remote host has the following vulnerabilities :

- A memory allocation vulnerability exists. (CVE-2013-1300)

- A dereference vulnerability exists. (CVE-2013-1340)

- A privilege escalation vulnerability exists in the Windows kernel-mode driver. (CVE-2013-1345)

- A TrueType Font parsing vulnerability exists. (CVE-2013-3129)

- An information disclosure vulnerability exists. (CVE-2013-3167)

- A buffer overflow vulnerability exists. (CVE-2013-3173)

- A flaw exists in kernel-mode drivers in how linked list pointers are handled in PATHREC objects. (CVE-2013-3660)

A remote attacker could exploit any of these vulnerabilities to elevate privileges.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
9.6
EPSS Score
0.6919
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 60051
BID 60946
BID 60947
BID 60948
BID 60949
BID 60950
BID 60951
BID 60978
CVE CVE-2013-1300
CVE CVE-2013-1340
CVE CVE-2013-1345
CVE CVE-2013-3129
CVE CVE-2013-3167
CVE CVE-2013-3172
CVE CVE-2013-3173
CVE CVE-2013-3660
MSKB 2850851
XREF EDB-ID:25611
XREF EDB-ID:25912
XREF EDB-ID:26554
XREF EDB-ID:33213
XREF MSFT:MS13-053
XREF CISA-KNOWN-EXPLOITED:2022/04/18
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2013/07/10, Modified: 2022/03/29
Plugin Output

tcp/445/cifs



KB : 2850851
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18176
67211 - MS13-054: Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)
Synopsis
The remote Windows host has a remote code execution vulnerability.
Description
The version of Microsoft's GDI+ subsystem installed on the remote host has an unspecified code execution vulnerability. Specially crafted TrueType font files are not processed properly. A remote, unauthenticated attacker could exploit this vulnerability by getting a user to view content that contains malicious TrueType font files, resulting in arbitrary code execution.
See Also
Solution
Microsoft has released a set of patches for Windows, Office 2003, Office 2007, Office 2010, Lync 2010, Lync 2010 Attendee, Lync 2013, and Lync Basic 2013.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.5165
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 60978
CVE CVE-2013-3129
MSKB 2687276
MSKB 2687309
MSKB 2817465
MSKB 2817480
MSKB 2834886
MSKB 2835361
MSKB 2835364
MSKB 2843160
MSKB 2843162
MSKB 2843163
MSKB 2856545
XREF MSFT:MS13-054
XREF IAVA:2013-A-0135
Plugin Information
Published: 2013/07/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2835361
None of the versions of 'DWrite.dll' under C:\Windows\WinSxS
have been patched.
Fixed version : 6.1.7601.18126

KB : 2834886
None of the versions of 'GdiPlus.dll' under C:\Windows\WinSxS
have been patched.
Fixed version : 5.2.7601.18120
67212 - MS13-055: Cumulative Security Update for Internet Explorer (2846071)
Synopsis
The remote host is affected by multiple code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2846071.

The installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
9.2
EPSS Score
0.85
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 60941
BID 60957
BID 60962
BID 60963
BID 60964
BID 60965
BID 60966
BID 60967
BID 60968
BID 60969
BID 60970
BID 60971
BID 60972
BID 60973
BID 60974
BID 60975
BID 60976
BID 61482
BID 62372
BID 62376
CVE CVE-2013-3115
CVE CVE-2013-3143
CVE CVE-2013-3144
CVE CVE-2013-3145
CVE CVE-2013-3146
CVE CVE-2013-3147
CVE CVE-2013-3148
CVE CVE-2013-3149
CVE CVE-2013-3150
CVE CVE-2013-3151
CVE CVE-2013-3152
CVE CVE-2013-3153
CVE CVE-2013-3161
CVE CVE-2013-3162
CVE CVE-2013-3163
CVE CVE-2013-3164
CVE CVE-2013-3166
CVE CVE-2013-3846
CVE CVE-2013-4015
MSKB 2846071
XREF MSFT:MS13-055
XREF CISA-KNOWN-EXPLOITED:2023/04/20
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2013/07/10, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2846071
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18170
69324 - MS13-059: Cumulative Security Update for Internet Explorer (2862772)
Synopsis
The remote host is affected by multiple code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2862772.

The installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.7892
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 61663
BID 61664
BID 61668
BID 61669
BID 61670
BID 61671
BID 61675
BID 61677
BID 61678
BID 61679
BID 61680
CVE CVE-2013-3184
CVE CVE-2013-3186
CVE CVE-2013-3187
CVE CVE-2013-3188
CVE CVE-2013-3189
CVE CVE-2013-3190
CVE CVE-2013-3191
CVE CVE-2013-3192
CVE CVE-2013-3193
CVE CVE-2013-3194
CVE CVE-2013-3199
MSKB 2862772
XREF MSFT:MS13-059
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2013/08/14, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2862772
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18210
69328 - MS13-063: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2859537)
Synopsis
The Windows kernel on the remote host is affected by multiple vulnerabilities.
Description
The Windows version installed on the remote host is affected by multiple vulnerabilities :

- The Windows kernel is affected by multiple privilege escalation vulnerabilities due to a memory corruption condition in the NT Virtual DOS Machine (NTVDM). An attacker who successfully exploited these issues could run arbitrary code in kernel mode. (CVE-2013-3196, CVE-2013-3197, CVE-2013-3198)

- A vulnerability exists in a security feature of Windows due to the improper implementation of Address Space Layout Randomization (ASLR). An attacker could bypass the ASLR security feature to load a malicious DLL. (CVE-2013-2556)
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, and 8.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.3453
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 58566
BID 61682
BID 61683
BID 61684
CVE CVE-2013-2556
CVE CVE-2013-3196
CVE CVE-2013-3197
CVE CVE-2013-3198
MSKB 2859537
XREF MSFT:MS13-063
XREF IAVB:2013-B-0088-S
Plugin Information
Published: 2013/08/14, Modified: 2021/06/03
Plugin Output

tcp/445/cifs



KB : 2859537
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18205
69330 - MS13-065: Vulnerability in ICMPv6 Could Allow Denial of Service (2868623)
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a denial of service vulnerability due to the Windows TCP/IP stack improperly allocating memory for incoming ICMPv6 packets. An attacker could use a specially crafted ICMPv6 packet to exploit this vulnerability and cause a target system to stop responding until it is restarted.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
3.6
EPSS Score
0.8153
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
References
BID 61666
CVE CVE-2013-3183
MSKB 2868623
XREF MSFT:MS13-065
Plugin Information
Published: 2013/08/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2868623
- C:\Windows\system32\drivers\tcpip.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18203
69829 - MS13-069: Cumulative Security Update for Internet Explorer (2870699)
Synopsis
The remote host is affected by multiple code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2870699.

The installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.8124
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 62187
BID 62204
BID 62206
BID 62207
BID 62208
BID 62209
BID 62211
BID 62212
BID 62213
BID 62214
CVE CVE-2013-3201
CVE CVE-2013-3202
CVE CVE-2013-3203
CVE CVE-2013-3204
CVE CVE-2013-3205
CVE CVE-2013-3206
CVE CVE-2013-3207
CVE CVE-2013-3208
CVE CVE-2013-3209
CVE CVE-2013-3845
MSKB 2870699
XREF MSFT:MS13-069
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2013/09/11, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2870699
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18228
69835 - MS13-076: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)
Synopsis
The Windows kernel on the remote host is affected by multiple vulnerabilities.
Description
The Windows kernel on the remote host has the following vulnerabilities :

- Multiple privilege escalation vulnerabilities exist in the Windows kernel-mode driver. (CVE-2013-1341, CVE-2013-1342, CVE-2013-1343, CVE-2013-1344, CVE-2013-3864, CVE-2013-3865)

- A privilege escalation vulnerability exists. (CVE-2013-3866)

An attacker who successfully exploited these vulnerabilities could read arbitrary amounts of kernel memory or gain elevated privileges.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.0108
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 62180
BID 62193
BID 62195
BID 62196
BID 62197
BID 62198
BID 62199
CVE CVE-2013-1341
CVE CVE-2013-1342
CVE CVE-2013-1343
CVE CVE-2013-1344
CVE CVE-2013-3864
CVE CVE-2013-3865
CVE CVE-2013-3866
MSKB 2876315
XREF MSFT:MS13-076
Plugin Information
Published: 2013/09/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2876315
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18233
70332 - MS13-080: Cumulative Security Update for Internet Explorer (2879017)
Synopsis
The remote host is affected by multiple code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2879017.

The installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.9055
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 62453
BID 62803
BID 62804
BID 62805
BID 62806
BID 62808
BID 62809
BID 62810
BID 62811
CVE CVE-2013-3872
CVE CVE-2013-3873
CVE CVE-2013-3874
CVE CVE-2013-3875
CVE CVE-2013-3882
CVE CVE-2013-3885
CVE CVE-2013-3886
CVE CVE-2013-3893
CVE CVE-2013-3897
MSKB 2879017
XREF MSFT:MS13-080
XREF CISA-KNOWN-EXPLOITED:2025/09/02
XREF CISA-KNOWN-EXPLOITED:2022/03/24
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2013/10/09, Modified: 2025/08/12
Plugin Output

tcp/445/cifs



KB : 2879017
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18269
70333 - MS13-081: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
Synopsis
The Windows kernel drivers on the remote host are affected by multiple vulnerabilities.
Description
The remote Windows host has the following vulnerabilities :

- Multiple remote code execution vulnerabilities exist in the way the Windows kernel-mode driver parses OpenType and TrueType fonts. (CVE-2013-3128, CVE-2013-3894)

- Multiple privilege escalation vulnerabilities exist in the Windows kernel-mode drivers. (CVE-2013-3879, CVE-2013-3880, CVE-2013-3880, CVE-2013-3888)

- A privilege escalation vulnerability exists in the Windows USB drivers. (CVE-2013-3200)

An attacker who successfully exploited these vulnerabilities could read arbitrary amounts of kernel memory or gain elevated privileges.

Note that the update was re-offered for Windows 7 and 2008 R2 as of January 14, 2014.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, Windows RT, and 2012.
Risk Factor
High
VPR Score
9.2
EPSS Score
0.5784
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 62819
BID 62821
BID 62823
BID 62828
BID 62830
BID 62831
BID 62833
CVE CVE-2013-3128
CVE CVE-2013-3200
CVE CVE-2013-3879
CVE CVE-2013-3880
CVE CVE-2013-3881
CVE CVE-2013-3888
CVE CVE-2013-3894
MSKB 2847311
MSKB 2862330
MSKB 2862335
MSKB 2863725
MSKB 2864202
MSKB 2868038
MSKB 2876284
MSKB 2883150
MSKB 2884256
XREF MSFT:MS13-081
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2013/10/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2847311
- C:\Windows\system32\Atmfd.dll has not been patched.
Remote version : 5.1.2.230
Should be : 5.1.2.238

KB : 2855844
- C:\Windows\system32\Fntcache.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18245

KB : 2876284
- C:\Windows\system32\drivers\Dxgkrnl.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18228

KB : 2883150
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18246
70334 - MS13-082: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)
Synopsis
The .NET Framework install on the remote Windows host could allow arbitrary code execution.
Description
The version of the .NET Framework installed on the remote host is reportedly affected by the following vulnerabilities :

- A vulnerability exists in the way that affected components handle specially crafted OpenType fonts (OTF) that could lead to remote code execution. An attacker could leverage this issue by enticing a user to visit a web page containing a specially crafted OTF font file. (CVE-2013-3128)

- The .NET Framework is affected by a denial of service vulnerability when parsing a specially crafted document type definition (DTD) for XML data. (CVE-2013-3860)

- The .NET Framework is affected by a denial of service vulnerability when parsing specially crafted JavaScript Object Notation (JSON) data. (CVE-2013-3861)
See Also
Solution
Microsoft has released a set of patches for .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.0, and 4.5.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.784
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 62807
BID 62819
BID 62820
CVE CVE-2013-3128
CVE CVE-2013-3860
CVE CVE-2013-3861
MSKB 2864058
MSKB 2877175
MSKB 2861702
MSKB 2861208
MSKB 2861193
MSKB 2858302
MSKB 2861188
MSKB 2861698
MSKB 2863240
MSKB 2861191
MSKB 2861697
MSKB 2863243
MSKB 2861704
MSKB 2861194
MSKB 2876919
MSKB 2861190
MSKB 2861189
MSKB 2863253
MSKB 2863239
XREF MSFT:MS13-082
XREF IAVA:2013-A-0187-S
Plugin Information
Published: 2013/10/09, Modified: 2020/05/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.security.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5475
70846 - MS13-088: Cumulative Security Update for Internet Explorer (2888505)
Synopsis
The remote host is affected by multiple code execution vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2888505.

The installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.4719
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 63585
BID 63588
BID 63589
BID 63590
BID 63592
BID 63593
BID 63594
BID 63595
BID 63596
BID 63597
CVE CVE-2013-3871
CVE CVE-2013-3908
CVE CVE-2013-3909
CVE CVE-2013-3910
CVE CVE-2013-3911
CVE CVE-2013-3912
CVE CVE-2013-3914
CVE CVE-2013-3915
CVE CVE-2013-3916
CVE CVE-2013-3917
MSKB 2888505
XREF MSFT:MS13-088
Plugin Information
Published: 2013/11/13, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2888505
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18283
70847 - MS13-089: Critical Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote host contains a version of Microsoft Windows that is affected by a remote code execution vulnerability. The vulnerability exists in the Graphic Rendering Engine, and in the way Windows handles Metafiles. An attacker could exploit this issue to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, RT, and RT 8.1.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.7178
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 63546
CVE CVE-2013-3940
MSKB 2876331
XREF MSFT:MS13-089
XREF IAVA:2013-A-0214
Plugin Information
Published: 2013/11/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2876331
- C:\Windows\system32\gdi32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18275
70848 - MS13-090: Cumulative Security Update of ActiveX Kill Bits (2900986)
Synopsis
The remote Windows host is missing an update that disables selected ActiveX controls.
Description
The remote Windows host is missing a security update that sets kill bits to prevent Microsoft's InformationCardSigninHelper Class ActiveX control from instantiating in Internet Explorer. This control has a vulnerability that can be abused to execute arbitrary code remotely, if a user can be tricked into viewing a malicious web page using Internet Explorer. It is currently being exploited through limited, targeted attacks.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, RT, and RT 8.1.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.861
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 63631
CVE CVE-2013-3918
MSKB 2900986
XREF MSFT:MS13-090
XREF IAVA:2013-A-0213
XREF CISA-KNOWN-EXPLOITED:2025/10/27
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2013/11/13, Modified: 2025/10/06
Plugin Output

tcp/445/cifs



The kill bit has not been set for the following control :

{19916e01-b44e-4e31-94a4-4696df46157b}

Note that Nessus did not check whether there were other kill bits
that have not been set because the "Perform thorough tests" setting
was not enabled when this scan was run.
71312 - MS13-097: Cumulative Security Update for Internet Explorer (2898785)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2898785.

The installed version of IE is affected by multiple elevation of privilege and memory corruption vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
9.4
EPSS Score
0.2276
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 64115
BID 64117
BID 64119
BID 64120
BID 64123
BID 64124
BID 64126
CVE CVE-2013-5045
CVE CVE-2013-5046
CVE CVE-2013-5047
CVE CVE-2013-5048
CVE CVE-2013-5049
CVE CVE-2013-5051
CVE CVE-2013-5052
MSKB 2898785
XREF MSFT:MS13-097
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2013/12/11, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2898785
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18305
71313 - MS13-098: Vulnerability in Windows Could Allow Remote Code Execution (2893294)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote host contains a version of Microsoft Windows that is affected by a remote code execution vulnerability. The vulnerability exists in the method in which the WinVerifyTrust function deals with Windows Authenticode signature verification for portable executable files. An attacker could modify an existing signed executable to add malicious code without invalidating the signature. An attacker could then convince a user to run this signed executable and gain complete control of the system.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1 and 2012 R2.
Risk Factor
High
VPR Score
9.0
EPSS Score
0.8023
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 64079
CVE CVE-2013-3900
MSKB 2893294
XREF IAVA:2013-A-0227
XREF CISA-KNOWN-EXPLOITED:2022/07/10
XREF MSFT:MS13-098
Plugin Information
Published: 2013/12/11, Modified: 2022/01/18
Plugin Output

tcp/445/cifs



KB : 2893294
- C:\Windows\system32\imagehlp.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18288
71314 - MS13-099: Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote host contains a version of Microsoft Windows that is affected by a remote code execution vulnerability in the Microsoft Scripting Runtime Object Library. An attacker could craft a malicious website designed to exploit this vulnerability via components of Internet Explorer. An attacker could then trick a user into visiting a website or opening an email attachment containing the crafted exploit.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1 and 2012 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.3361
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 64082
CVE CVE-2013-5056
MSKB 2892074
MSKB 2892075
MSKB 2892076
XREF MSFT:MS13-099
XREF IAVA:2013-A-0228
Plugin Information
Published: 2013/12/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2892074
- C:\Windows\system32\scrrun.dll has not been patched.
Remote version : 5.8.7600.16385
Should be : 5.8.7601.18283
71316 - MS13-101: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)
Synopsis
The Windows kernel drivers on the remote host are affected by multiple vulnerabilities.
Description
The remote Windows host has the following vulnerabilities :

- Multiple errors exist in the Windows kernel-mode drivers that could allow privilege escalation and arbitrary code execution. (CVE-2013-3899, CVE-2013-3902, CVE-2013-5058)

- An error exists in the way the Windows kernel-mode driver parses TrueType fonts that could allow denial of service attacks. (CVE-2013-3903)

- An error exists in the Windows audio port-class driver that could allow privilege escalation and arbitrary code execution. (CVE-2013-3907)

An attacker who successfully exploited these vulnerabilities could read arbitrary amounts of kernel memory or gain elevated privileges.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0281
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
References
BID 64080
BID 64084
BID 64087
BID 64090
BID 64091
CVE CVE-2013-3899
CVE CVE-2013-3902
CVE CVE-2013-3903
CVE CVE-2013-3907
CVE CVE-2013-5058
MSKB 2887069
MSKB 2893984
XREF EDB-ID:30397
XREF MSFT:MS13-101
Exploitable With
Core Impact (true)
Plugin Information
Published: 2013/12/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2893984
- C:\Windows\system32\win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18300
71943 - MS14-003: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2913602)
Synopsis
The Windows kernel on the remote host is affected by a privilege escalation vulnerability.
Description
The remote host contains a flaw in the way the Windows kernel handles thread-owned window handle objects. Successful exploitation could allow a local attacker to take complete control of an affected system.
See Also
Solution
Microsoft has released a set of patches for Windows 7 and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0159
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 64725
CVE CVE-2014-0262
MSKB 2913602
XREF MSFT:MS14-003
Plugin Information
Published: 2014/01/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2913602
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18327
72428 - MS14-005: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote host contains a version of Microsoft XML Core Services that is affected by an information disclosure vulnerability that could allow an attacker to read files on the local file system of a user, or read content of web domains where a user is currently authenticated.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1 and 2012 R2.
Risk Factor
High
VPR Score
6.6
EPSS Score
0.3186
CVSS v2.0 Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N)
CVSS v2.0 Temporal Score
6.2 (CVSS2#E:H/RL:OF/RC:C)
References
BID 65407
CVE CVE-2014-0266
MSKB 2916036
XREF MSFT:MS14-005
Plugin Information
Published: 2014/02/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2916036
- C:\Windows\system32\Msxml3.dll has not been patched.
Remote version : 8.110.7601.17514
Should be : 8.110.7601.18334
72432 - MS14-009: Vulnerabilities in .NET Framework Could Allow Privilege Escalation (2916607)
Synopsis
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities :

- An error exists related to handling stale or closed HTTP client connections that can allow denial of service attacks. (CVE-2014-0253)

- An error exists related to decisions regarding the safety of executing certain methods that can allow privilege escalation. (CVE-2014-0257)

- An error exists related to the component 'VSAVB7RT' that can allow Address Space Layout Randomization (ASLR) bypasses. (CVE-2014-0295)
See Also
Solution
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, and 4.5.1.
Risk Factor
High
VPR Score
9.4
EPSS Score
0.7474
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 65415
BID 65417
BID 65418
CVE CVE-2014-0253
CVE CVE-2014-0257
CVE CVE-2014-0295
MSKB 2898855
MSKB 2898856
MSKB 2898857
MSKB 2898858
MSKB 2898860
MSKB 2898864
MSKB 2898865
MSKB 2898866
MSKB 2898868
MSKB 2898869
MSKB 2898870
MSKB 2898871
MSKB 2901110
MSKB 2901111
MSKB 2901112
MSKB 2901113
MSKB 2901115
MSKB 2901118
MSKB 2901119
MSKB 2901120
MSKB 2901125
MSKB 2901126
MSKB 2901127
MSKB 2901128
MSKB 2911501
MSKB 2911502
XREF MSFT:MS14-009
Exploitable With
Metasploit (true)
Plugin Information
Published: 2014/02/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5477

- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll has not been patched.
Remote version : 4.0.30319.18408
Should be : 4.0.30319.18444

- C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5479

- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll has not been patched.
Remote version : 4.0.30319.18408
Should be : 4.0.30319.18446
72433 - MS14-010: Cumulative Security Update for Internet Explorer (2909921)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2909921.

The installed version of IE is affected by multiple privilege escalation and memory corruption vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. Additionally, the installed version of IE is affected by an information disclosure vulnerability.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.4318
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 65361
BID 65363
BID 65367
BID 65370
BID 65371
BID 65372
BID 65373
BID 65375
BID 65376
BID 65377
BID 65378
BID 65380
BID 65381
BID 65382
BID 65383
BID 65384
BID 65385
BID 65386
BID 65388
BID 65389
BID 65390
BID 65392
BID 65394
BID 65395
CVE CVE-2014-0267
CVE CVE-2014-0268
CVE CVE-2014-0269
CVE CVE-2014-0270
CVE CVE-2014-0271
CVE CVE-2014-0272
CVE CVE-2014-0273
CVE CVE-2014-0274
CVE CVE-2014-0275
CVE CVE-2014-0276
CVE CVE-2014-0277
CVE CVE-2014-0278
CVE CVE-2014-0279
CVE CVE-2014-0280
CVE CVE-2014-0281
CVE CVE-2014-0283
CVE CVE-2014-0284
CVE CVE-2014-0285
CVE CVE-2014-0286
CVE CVE-2014-0287
CVE CVE-2014-0288
CVE CVE-2014-0289
CVE CVE-2014-0290
CVE CVE-2014-0293
MSKB 2909921
XREF MSFT:MS14-010
Plugin Information
Published: 2014/02/12, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2909921
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18365
72434 - MS14-011: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
Synopsis
Arbitrary code can be executed on the remote host through the installed VBScript Scripting Engine.
Description
The installed version of the VBScript Scripting Engine has a memory corruption vulnerability due to improper handling of objects in memory. If an attacker can trick a user on the system into viewing or opening malicious content, this issue could be leveraged to execute arbitrary code on the affected system, subject to the user's privileges.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 2008 R2, 7, 8, 8.1, 2012, and 2012 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.4318
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 65395
CVE CVE-2014-0271
MSKB 2909210
MSKB 2909212
MSKB 2909213
XREF MSFT:MS14-011
Plugin Information
Published: 2014/02/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2909210
- C:\Windows\system32\Vbscript.dll has not been patched.
Remote version : 5.8.7601.17514
Should be : 5.8.7601.18337
72930 - MS14-012: Cumulative Security Update for Internet Explorer (2925418)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2925418.

The installed version of IE is affected by multiple privilege escalation and memory corruption vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. Additionally, the installed version of IE is affected by an information disclosure vulnerability.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.932
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 65551
BID 66023
BID 66025
BID 66026
BID 66027
BID 66028
BID 66029
BID 66030
BID 66031
BID 66032
BID 66033
BID 66034
BID 66035
BID 66036
BID 66037
BID 66038
BID 66039
BID 66040
BID 70266
CVE CVE-2014-0297
CVE CVE-2014-0298
CVE CVE-2014-0299
CVE CVE-2014-0302
CVE CVE-2014-0303
CVE CVE-2014-0304
CVE CVE-2014-0305
CVE CVE-2014-0306
CVE CVE-2014-0307
CVE CVE-2014-0308
CVE CVE-2014-0309
CVE CVE-2014-0311
CVE CVE-2014-0312
CVE CVE-2014-0313
CVE CVE-2014-0314
CVE CVE-2014-0321
CVE CVE-2014-0322
CVE CVE-2014-0324
CVE CVE-2014-4112
MSKB 2925418
XREF CERT:732479
XREF EDB-ID:32851
XREF EDB-ID:32438
XREF EDB-ID:32904
XREF MSFT:MS14-012
XREF CISA-KNOWN-EXPLOITED:2022/05/25
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2014/03/11, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2925418
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18392
72934 - MS14-015: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275)
Synopsis
The Windows kernel drivers on the remote host are affected by multiple vulnerabilities.
Description
The remote Windows host has the following vulnerabilities :

- A privilege escalation vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. If successfully exploited, a locally authenticated attacker could run a specially crafted application in kernel mode to take control of the system. (CVE-2014-0300)

- An information disclosure vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. An attacker could exploit this issue to disclose information from kernel memory on the local system. (CVE-2014-0323)
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1 and 2012 R2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.0127
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
References
BID 66003
BID 66007
CVE CVE-2014-0300
CVE CVE-2014-0323
MSKB 2930275
XREF MSFT:MS14-015
Exploitable With
Core Impact (true)
Plugin Information
Published: 2014/03/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2930275
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18388
73415 - MS14-018: Cumulative Security Update for Internet Explorer (2950467)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2950467.

The installed version of IE is affected by multiple memory corruption vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.3595
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 66646
BID 66647
BID 66648
BID 66652
BID 66653
BID 66654
CVE CVE-2014-0325
CVE CVE-2014-1751
CVE CVE-2014-1752
CVE CVE-2014-1753
CVE CVE-2014-1755
CVE CVE-2014-1760
MSKB 2936068
XREF MSFT:MS14-018
Plugin Information
Published: 2014/04/08, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2936068
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18404
73986 - MS14-027: Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
A privilege escalation vulnerability exists on the remote Windows host due to improper handling of file associations. A local attacker could exploit this vulnerability to execute arbitrary code on the remote host under the privileges of the Local System account.
See Also
Solution
Microsoft has released a set of patches for 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
7.4
EPSS Score
0.0313
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
References
BID 67276
CVE CVE-2014-1807
MSKB 2926765
MSKB 2962123
XREF MSFT:MS14-027
Exploitable With
Core Impact (true)
Plugin Information
Published: 2014/05/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2926765
- C:\Windows\system32\Shell32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18429
73988 - MS14-029: Security Update for Internet Explorer (2962482)
Synopsis
The remote host has a web browser that is affected by multiple memory corruption vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2962482.

The installed version of IE is affected by multiple memory corruption vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
See Also
Solution
Microsoft has released a set of patches for 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.3925
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 67299
BID 67301
CVE CVE-2014-0310
CVE CVE-2014-1815
MSKB 2953522
MSKB 2961851
XREF EDB-ID:34458
XREF MSFT:MS14-029
Plugin Information
Published: 2014/05/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2953522
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18448
74428 - MS14-036: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (2967487)
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The version of Microsoft's Graphics Component installed on the remote host is affected by code execution vulnerabilities due to the way GDI+ handles image record types in specially crafted files. A remote, unauthenticated attacker could exploit these issues by tricking a user into viewing content that contains malicious files, which could result in arbitrary code execution.
See Also
Solution
Microsoft has released a set of patches for Windows Server 2003, Vista, Server 2008, 7, 2008 R2, 8, 8.1, 2012, 2012 R2, Office 2007, Office 2010, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013, and Lync Basic 2013.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.4444
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 67897
BID 67904
CVE CVE-2014-1817
CVE CVE-2014-1818
MSKB 2957503
MSKB 2957509
MSKB 2964736
MSKB 2965155
MSKB 2964718
MSKB 2878233
MSKB 2881069
MSKB 2863942
MSKB 2881071
MSKB 2963285
MSKB 2963282
MSKB 2963284
MSKB 2881013
MSKB 2965161
MSKB 2968966
XREF MSFT:MS14-036
XREF IAVA:2014-A-0080
Plugin Information
Published: 2014/06/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2957509
- C:\Windows\SysWOW64\Usp10.dll has not been patched.
Remote version : 1.626.7601.17514
Should be : 1.626.7601.18454

KB : 2957503
None of the versions of 'GdiPlus.dll' under C:\Windows\WinSxS
have been patched.
Fixed version : 5.2.7601.18455
76406 - MS14-037: Cumulative Security Update for Internet Explorer (2975687)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2975687.

The version of Internet Explorer installed on the remote host is affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to visit a specially crafted web page.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
Critical
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.1 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.4257
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
BID 66200
BID 66244
BID 68369
BID 68371
BID 68372
BID 68373
BID 68374
BID 68375
BID 68376
BID 68377
BID 68378
BID 68379
BID 68380
BID 68381
BID 68382
BID 68383
BID 68384
BID 68385
BID 68386
BID 68387
BID 68388
BID 68389
BID 68390
BID 68391
BID 70103
CVE CVE-2014-1763
CVE CVE-2014-1765
CVE CVE-2014-2783
CVE CVE-2014-2785
CVE CVE-2014-2786
CVE CVE-2014-2787
CVE CVE-2014-2788
CVE CVE-2014-2789
CVE CVE-2014-2790
CVE CVE-2014-2791
CVE CVE-2014-2792
CVE CVE-2014-2794
CVE CVE-2014-2795
CVE CVE-2014-2797
CVE CVE-2014-2798
CVE CVE-2014-2800
CVE CVE-2014-2801
CVE CVE-2014-2802
CVE CVE-2014-2803
CVE CVE-2014-2804
CVE CVE-2014-2806
CVE CVE-2014-2807
CVE CVE-2014-2809
CVE CVE-2014-2813
CVE CVE-2014-4066
MSKB 2962872
MSKB 2963952
XREF MSFT:MS14-037
Plugin Information
Published: 2014/07/08, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2962872
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18487
76408 - MS14-039: Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
A privilege escalation vulnerability exists on the remote Windows host due to improper handling of low integrity processes with the On-Screen Keyboard (OSK). A local attacker could exploit this vulnerability to execute arbitrary code on the remote host under the privileges of the current user.
See Also
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
7.4
EPSS Score
0.0754
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
BID 68397
CVE CVE-2014-2781
MSKB 2973201
MSKB 2973906
XREF MSFT:MS14-039
XREF IAVA:2014-A-0096
Exploitable With
Core Impact (true)
Plugin Information
Published: 2014/07/08, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2973201
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18512
76409 - MS14-040: Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684)
Synopsis
The remote Windows host contains a driver that allows elevation of privilege.
Description
The remote Windows host contains a version of the Ancillary Function Driver (afd.sys) that is affected by a privilege escalation vulnerability. The flaw is due to the Ancillary Function Driver not properly processing user-supplied input, leading to a double free scenario, allowing a local attacker to elevate privileges by running a specially crafted application.
See Also
Solution
Microsoft has released a set of patches for Windows 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.6055
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID 68394
CVE CVE-2014-1767
MSKB 2973408
MSKB 2961072
XREF MSFT:MS14-040
Exploitable With
CANVAS (true) Core Impact (true)
Plugin Information
Published: 2014/07/08, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2961072
- C:\Windows\system32\drivers\Afd.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18489
77163 - MS14-045: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by multiple vulnerabilities :

- A privilege escalation vulnerability exists in the Windows kernel-mode driver due to improper usage of window handle thread-owned objects. A local attacker could execute a specially crafted application in kernel mode to take control of the system. (CVE-2014-0318)

- A privilege escalation vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory while processing font files. A local attacker could execute a specially crafted font file to escalate privileges. (CVE-2014-1819)

- An information disclosure vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. An attacker could exploit this issue to disclose information from kernel memory on the local system. (CVE-2014-4064)
See Also
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0131
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 69142
BID 69143
BID 69144
CVE CVE-2014-0318
CVE CVE-2014-1819
CVE CVE-2014-4064
MSKB 2976897
MSKB 2993651
XREF MSFT:MS14-045
XREF IAVA:2014-A-0124
Plugin Information
Published: 2014/08/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2976897
- C:\Windows\system32\drivers\dxgkrnl.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18510
77165 - MS14-047: Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)
Synopsis
The remote Windows host is affected by a security bypass vulnerability.
Description
The remote Windows host is affected by a security feature bypass vulnerability in Microsoft Remote Procedure Call (LRPC). The vulnerability is due to RPC improperly freeing malformed messages, allowing an attacker to fill up the address space of a process. Successful exploitation of the issue allows an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.0899
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 69097
CVE CVE-2014-0316
MSKB 2978668
XREF MSFT:MS14-047
XREF IAVA:2014-A-0129
Plugin Information
Published: 2014/08/12, Modified: 2019/11/25
Plugin Output

tcp/445/cifs



KB : 2978668
- C:\Windows\system32\Rpcrt4.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18532
77167 - MS14-049: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
A privilege escalation vulnerability exists on the remote Windows host due to improper handling of the repair functionality in the Windows installer service. A local attacker could exploit this vulnerability to execute arbitrary code on the remote host under the privileges of the system administrator.
See Also
Solution
Microsoft has released a set of patches for 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0093
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 69112
CVE CVE-2014-1814
MSKB 2918614
XREF MSFT:MS14-049
Plugin Information
Published: 2014/08/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2918614
- C:\Windows\system32\msi.dll has not been patched.
Remote version : 5.0.7601.17514
Should be : 5.0.7601.18493
77169 - MS14-051: Cumulative Security Update for Internet Explorer (2976627)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2976627.

The version of Internet Explorer installed on the remote host is affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker could exploit these by convincing a user to visit a specially crafted web page.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.2339
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 69090
BID 69092
BID 69095
BID 69100
BID 69101
BID 69103
BID 69104
BID 69106
BID 69115
BID 69116
BID 69117
BID 69118
BID 69119
BID 69120
BID 69121
BID 69122
BID 69124
BID 69125
BID 69126
BID 69127
BID 69128
BID 69129
BID 69130
BID 69131
BID 69132
BID 69134
BID 72593
BID 99810
CVE CVE-2014-2774
CVE CVE-2014-2784
CVE CVE-2014-2796
CVE CVE-2014-2808
CVE CVE-2014-2810
CVE CVE-2014-2811
CVE CVE-2014-2817
CVE CVE-2014-2818
CVE CVE-2014-2819
CVE CVE-2014-2820
CVE CVE-2014-2821
CVE CVE-2014-2822
CVE CVE-2014-2823
CVE CVE-2014-2824
CVE CVE-2014-2825
CVE CVE-2014-2826
CVE CVE-2014-2827
CVE CVE-2014-4050
CVE CVE-2014-4051
CVE CVE-2014-4052
CVE CVE-2014-4055
CVE CVE-2014-4056
CVE CVE-2014-4057
CVE CVE-2014-4058
CVE CVE-2014-4063
CVE CVE-2014-4067
CVE CVE-2014-4145
CVE CVE-2014-6354
CVE CVE-2014-8985
MSKB 2976627
XREF MSFT:MS14-051
XREF CISA-KNOWN-EXPLOITED:2022/06/15
Plugin Information
Published: 2014/08/12, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2976627
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18534
77572 - MS14-052: Cumulative Security Update for Internet Explorer (2977629)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2977629.

The version of Internet Explorer installed on the remote host is affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these by convincing a user to visit a specially crafted web page.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
VPR Score
8.2
EPSS Score
0.8181
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 65601
BID 69576
BID 69578
BID 69580
BID 69581
BID 69583
BID 69584
BID 69585
BID 69587
BID 69588
BID 69589
BID 69590
BID 69591
BID 69595
BID 69596
BID 69597
BID 69598
BID 69599
BID 69600
BID 69601
BID 69602
BID 69604
BID 69605
BID 69606
BID 69607
BID 69608
BID 69609
BID 69610
BID 69611
BID 69612
BID 69613
BID 69614
BID 69615
BID 69616
BID 69617
BID 69618
BID 69619
CVE CVE-2013-7331
CVE CVE-2014-2799
CVE CVE-2014-4059
CVE CVE-2014-4065
CVE CVE-2014-4079
CVE CVE-2014-4080
CVE CVE-2014-4081
CVE CVE-2014-4082
CVE CVE-2014-4083
CVE CVE-2014-4084
CVE CVE-2014-4085
CVE CVE-2014-4086
CVE CVE-2014-4087
CVE CVE-2014-4088
CVE CVE-2014-4089
CVE CVE-2014-4090
CVE CVE-2014-4091
CVE CVE-2014-4092
CVE CVE-2014-4093
CVE CVE-2014-4094
CVE CVE-2014-4095
CVE CVE-2014-4096
CVE CVE-2014-4097
CVE CVE-2014-4098
CVE CVE-2014-4099
CVE CVE-2014-4100
CVE CVE-2014-4101
CVE CVE-2014-4102
CVE CVE-2014-4103
CVE CVE-2014-4104
CVE CVE-2014-4105
CVE CVE-2014-4106
CVE CVE-2014-4107
CVE CVE-2014-4108
CVE CVE-2014-4109
CVE CVE-2014-4110
CVE CVE-2014-4111
MSKB 2977629
XREF CERT:539289
XREF MSFT:MS14-052
XREF CISA-KNOWN-EXPLOITED:2022/06/15
Plugin Information
Published: 2014/09/10, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2977629
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18571
78431 - MS14-056: Cumulative Security Update for Internet Explorer (2987107)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The remote host is missing Internet Explorer (IE) Security Update 2987107.

The version of Internet Explorer installed on the remote host is affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these by convincing a user to visit a specially crafted web page.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.5288
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 70325
BID 70326
BID 70328
BID 70329
BID 70330
BID 70331
BID 70332
BID 70334
BID 70335
BID 70336
BID 70339
BID 70340
BID 70342
BID 70349
CVE CVE-2014-4123
CVE CVE-2014-4124
CVE CVE-2014-4126
CVE CVE-2014-4127
CVE CVE-2014-4128
CVE CVE-2014-4129
CVE CVE-2014-4130
CVE CVE-2014-4132
CVE CVE-2014-4133
CVE CVE-2014-4134
CVE CVE-2014-4137
CVE CVE-2014-4138
CVE CVE-2014-4140
CVE CVE-2014-4141
MSKB 2987107
XREF MSFT:MS14-056
XREF CISA-KNOWN-EXPLOITED:2022/06/15
Plugin Information
Published: 2014/10/15, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 2987107
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18595
78433 - MS14-058: Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by multiple vulnerabilities :

- A privilege escalation vulnerability allows an attacker to run arbitrary code in kernel mode due to the kernel-mode driver improperly handling objects in memory. (CVE-2014-4113)

- A remote code execution vulnerability allows a remote attacker to run arbitrary code in kernel mode due to the kernel-mode driver improperly handling TrueType fonts. An attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing a specially crafted TrueType font file. (CVE-2014-4148)
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
9.0
EPSS Score
0.8243
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 70364
BID 70429
CVE CVE-2014-4113
CVE CVE-2014-4148
MSKB 3000061
XREF EDB-ID:35101
XREF MSFT:MS14-058
XREF CISA-KNOWN-EXPLOITED:2022/05/25
XREF CISA-KNOWN-EXPLOITED:2022/06/15
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2014/10/15, Modified: 2022/05/25
Plugin Output

tcp/445/cifs



KB : 3000061
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18615
78435 - MS14-060: Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability due to improperly handled OLE objects. An attacker can exploit this vulnerability by convincing a user to open a file containing a specially crafted OLE object, resulting in execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
9.7
EPSS Score
0.9235
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 70419
CVE CVE-2014-4114
MSKB 3000869
XREF EDB-ID:35019
XREF EDB-ID:35055
XREF MSFT:MS14-060
XREF CISA-KNOWN-EXPLOITED:2022/03/24
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2014/10/15, Modified: 2022/03/08
Plugin Output

tcp/445/cifs



KB : 3000869
- C:\Windows\system32\packager.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.18601
79125 - MS14-064: Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by multiple vulnerabilities :

- A remote code execution vulnerability due to Internet Explorer improperly handling access to objects in memory. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website in Internet Explorer, resulting in execution of arbitrary code in the context of the current user. (CVE-2014-6332)

- A remote code execution vulnerability due to a flaw in the OLE package manager. A remote attacker can exploit this vulnerability by convincing a user to open an Office file containing specially crafted OLE objects, resulting in execution of arbitrary code in the context of the current user. (CVE-2014-6352)
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
9.8
EPSS Score
0.9409
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 70690
BID 70952
CVE CVE-2014-6332
CVE CVE-2014-6352
MSKB 3006226
MSKB 3010788
XREF CERT:158647
XREF EDB-ID:35229
XREF MSFT:MS14-064
XREF CISA-KNOWN-EXPLOITED:2022/08/25
XREF CISA-KNOWN-EXPLOITED:2022/04/15
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2014/11/11, Modified: 2022/03/28
Plugin Output

tcp/445/cifs



KB : 3006226
- C:\Windows\system32\Oleaut32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18640
79126 - MS14-065: Cumulative Security Update for Internet Explorer (3003057)
Synopsis
The remote host has a web browser that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3003057. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these by convincing a user to visit a specially crafted web page.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
VPR Score
9.0
EPSS Score
0.4481
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 70323
BID 70333
BID 70337
BID 70338
BID 70341
BID 70344
BID 70345
BID 70346
BID 70347
BID 70348
BID 70939
BID 70940
BID 70941
BID 70942
BID 70946
BID 70947
BID 70948
CVE CVE-2014-4143
CVE CVE-2014-6323
CVE CVE-2014-6337
CVE CVE-2014-6339
CVE CVE-2014-6340
CVE CVE-2014-6341
CVE CVE-2014-6342
CVE CVE-2014-6343
CVE CVE-2014-6344
CVE CVE-2014-6345
CVE CVE-2014-6346
CVE CVE-2014-6347
CVE CVE-2014-6348
CVE CVE-2014-6349
CVE CVE-2014-6350
CVE CVE-2014-6351
CVE CVE-2014-6353
MSKB 3003057
XREF MSFT:MS14-065
Plugin Information
Published: 2014/11/12, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 3003057
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18660

79638 - MS14-066: Vulnerability in Schannel Could Allow Remote Code Execution (2992611) (uncredentialed check)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability due to improper processing of packets by the Secure Channel (Schannel) security package. An attacker can exploit this issue by sending specially crafted packets to a Windows server.

Note that this plugin sends a client Certificate TLS handshake message followed by a CertificateVerify message. Some Windows hosts will close the connection upon receiving a client certificate that they did not ask for with a CertificateRequest message. In this case, the plugin cannot proceed to detect the vulnerability as the CertificateVerify message cannot be sent.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.9327
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
References
BID 70954
CVE CVE-2014-6321
MSKB 2992611
XREF CERT:505120
XREF MSFT:MS14-066
Exploitable With
Core Impact (true)
Plugin Information
Published: 2014/12/01, Modified: 2026/01/20
Plugin Output

tcp/3389/msrdp

79128 - MS14-067: Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote host contains a version of Microsoft XML Core Services (MSXML) that is affected by a remote code execution vulnerability. An attacker can exploit this issue by convincing a user to visit a specially crafted website, allowing the attacker to execute code with the current user's permissions.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1 and 2012 R2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.2841
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 70957
CVE CVE-2014-4118
MSKB 2993958
XREF MSFT:MS14-067
Plugin Information
Published: 2014/11/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2993958
- C:\Windows\system32\Msxml3.dll has not been patched.
Remote version : 8.110.7601.17514
Should be : 8.110.7601.18576
79311 - MS14-068: Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780) (ESKIMOROLL)
Synopsis
The remote implementation of Kerberos KDC is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability due to the Kerberos Key Distribution Center (KDC) implementation not properly validating signatures. A remote attacker can exploit this vulnerability to elevate an unprivileged domain user account to a domain administrator account.

ESKIMOROLL is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.884
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 70958
CVE CVE-2014-6324
MSKB 3011780
XREF CERT:213119
XREF IAVA:2014-A-0180
XREF MSFT:MS14-068
XREF CISA-KNOWN-EXPLOITED:2022/04/15
Exploitable With
CANVAS (true) Core Impact (true)
Plugin Information
Published: 2014/11/18, Modified: 2023/10/11
Plugin Output

tcp/445/cifs



KB : 3011780
- C:\Windows\system32\kerberos.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18658
79132 - MS14-072: Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
Synopsis
The version of the .NET Framework installed on the remote host is affected by a privilege elevation vulnerability.
Description
The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability related to how it handles TypeFilterLevel checks for some malformed objects. This can be used by a remote attacker to gain privilege elevation via a specially crafted packet sent to a host that is using .NET Remoting.
See Also
Solution
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and 4.5.2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.3775
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 70979
CVE CVE-2014-4149
MSKB 2978114
MSKB 2978116
MSKB 2978120
MSKB 2978121
MSKB 2978122
MSKB 2978124
MSKB 2978125
MSKB 2978126
MSKB 2978127
MSKB 2978128
XREF MSFT:MS14-072
XREF IAVA:2014-A-0173-S
Plugin Information
Published: 2014/11/12, Modified: 2020/05/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.runtime.remoting.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5488

- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll has not been patched.
Remote version : 4.0.30319.18408
Should be : 4.0.30319.34245
79137 - MS14-078: Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (2992719)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability in the Microsoft Input Method Editor (IME) (Japanese) component that is triggered when loading dictionary files. An attacker can exploit this vulnerability by convincing a user to open a specially crafted file, resulting in a sandbox escape and an escalation of privileges in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, and Office 2007 SP3.
Risk Factor
High
VPR Score
7.4
EPSS Score
0.3427
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
BID 70944
CVE CVE-2014-4077
MSKB 2889913
MSKB 2991963
XREF MSFT:MS14-078
XREF IAVA:2014-A-0179
XREF CISA-KNOWN-EXPLOITED:2022/06/15
Plugin Information
Published: 2014/11/12, Modified: 2023/04/25
Plugin Output

tcp/445/cifs



KB : 2991963
- C:\Windows\system32\imjp10k.dll has not been patched.
Remote version : 10.1.7600.16385
Should be : 10.1.7601.18556
79138 - MS14-079: Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (3002885)
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a denial of service vulnerability due to the Windows kernel-mode driver not properly validating array indexes when loading TrueType font files. An attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing a specially crafted TrueType font file, resulting in a restart of the user's system.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
3.6
EPSS Score
0.267
CVSS v2.0 Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 70949
CVE CVE-2014-6317
MSKB 3002885
XREF MSFT:MS14-079
Plugin Information
Published: 2014/11/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3002885
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18635
79828 - MS14-080: Cumulative Security Update for Internet Explorer (3008923)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3008923. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these by convincing a user to visit a specially crafted web page.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.3317
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 71446
BID 71447
BID 71448
BID 71450
BID 71452
BID 71453
BID 71454
BID 71455
BID 71456
BID 71457
BID 71458
BID 71460
BID 71463
BID 71504
CVE CVE-2014-6327
CVE CVE-2014-6328
CVE CVE-2014-6329
CVE CVE-2014-6330
CVE CVE-2014-6363
CVE CVE-2014-6365
CVE CVE-2014-6366
CVE CVE-2014-6368
CVE CVE-2014-6369
CVE CVE-2014-6373
CVE CVE-2014-6374
CVE CVE-2014-6375
CVE CVE-2014-6376
CVE CVE-2014-8966
MSKB 3008923
MSKB 3029449
XREF MSFT:MS14-080
Plugin Information
Published: 2014/12/09, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 3008923
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18667
79833 - MS14-084: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
Synopsis
Arbitrary code can be executed on the remote host through the installed VBScript Scripting Engine.
Description
The installed version of the VBScript Scripting Engine is affected by a remote code execution vulnerability due to improper handling of objects in memory. By tricking a user into viewing or opening malicious content, an attacker can exploit this to execute arbitrary code on the affected system, subject to the user's privileges.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 2008 R2, and 7.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.2683
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 71504
CVE CVE-2014-6363
MSKB 3012168
MSKB 3012172
MSKB 3012176
XREF MSFT:MS14-084
Plugin Information
Published: 2014/12/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3012176
- C:\Windows\system32\Vbscript.dll has not been patched.
Remote version : 5.8.7601.17514
Should be : 5.8.7601.18648
80490 - MS15-001: Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability due to improper validation of the authorization of a caller's impersonation token in the Microsoft Windows Application Compatibility Infrastructure (AppCompat) component. A local attacker, with a specially crafted program, can bypass the authorization check to create cache entries, resulting in an escalation of privileges.
See Also
Solution
Microsoft has released a set of patches for Windows 2008, 7, 2008 R2, 8, 8.1, 2012 and 2012 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.382
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID 71972
CVE CVE-2015-0002
MSKB 3023266
XREF MSFT:MS15-001
Exploitable With
Metasploit (true)
Plugin Information
Published: 2015/01/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3023266
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18700
80492 - MS15-003: Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability due to improper validation of user privilege in the Windows User Profile Service (ProfSvc). A local attacker, with a specially crafted application, can load registry hives associated with other user accounts to execute arbitrary code with elevated permissions.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
9.0
EPSS Score
0.2044
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 71967
CVE CVE-2015-0004
MSKB 3021674
XREF MSFT:MS15-003
XREF IAVA:2015-A-0008
Plugin Information
Published: 2015/01/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3021674
- C:\Windows\system32\profsvc.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18706
80493 - MS15-004: Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the TS WebProxy Windows component due to a failure to properly sanitize file paths. An attacker can exploit this to gain the same rights as the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
9.0
EPSS Score
0.9226
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 71965
CVE CVE-2015-0016
MSKB 3023299
MSKB 3019978
MSKB 3020387
MSKB 3020388
XREF EDB-ID:35983
XREF MSFT:MS15-004
XREF IAVA:2015-A-0010
XREF CISA-KNOWN-EXPLOITED:2022/06/15
Exploitable With
Metasploit (true)
Plugin Information
Published: 2015/01/13, Modified: 2022/05/25
Plugin Output

tcp/445/cifs



KB : 3019978
- C:\Windows\system32\TSWbPrxy.exe has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.18699
80496 - MS15-007: Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029)
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a denial of service vulnerability due to a failure to properly parse username queries on an Internet Authentication Service (IAS) or a Network Policy Server (NPS). A remote, unauthenticated attacker, using specially crafted username strings, can exploit this to prevent RADIUS authentication on the IAS or NPS server.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, 2008, 2008 R2, 2012, and 2012 R2.
Risk Factor
High
VPR Score
2.7
EPSS Score
0.4758
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
References
BID 71933
CVE CVE-2015-0015
MSKB 3014029
XREF MSFT:MS15-007
Plugin Information
Published: 2015/01/13, Modified: 2019/11/25
Plugin Output

tcp/445/cifs



KB : 3014029
- C:\Windows\system32\iassam.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.18685
81262 - MS15-009: Security Update for Internet Explorer (3034682)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3034682. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these by convincing a user to visit a specially crafted web page.

Hosts running Internet Explorer 9, Internet Explorer 10, or Internet Explorer 11 will not be fully protected until both security update 3021952 and security update 3034196 are applied to the system. Security update 3034196 may require manual installation depending on your patching method.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.5142
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 71483
BID 72402
BID 72403
BID 72404
BID 72409
BID 72410
BID 72411
BID 72412
BID 72413
BID 72414
BID 72415
BID 72416
BID 72417
BID 72418
BID 72419
BID 72420
BID 72421
BID 72422
BID 72423
BID 72424
BID 72425
BID 72426
BID 72436
BID 72437
BID 72438
BID 72439
BID 72440
BID 72441
BID 72442
BID 72443
BID 72444
BID 72445
BID 72446
BID 72447
BID 72448
BID 72453
BID 72454
BID 72455
BID 72478
BID 72479
BID 72480
CVE CVE-2014-8967
CVE CVE-2015-0017
CVE CVE-2015-0018
CVE CVE-2015-0019
CVE CVE-2015-0020
CVE CVE-2015-0021
CVE CVE-2015-0022
CVE CVE-2015-0023
CVE CVE-2015-0025
CVE CVE-2015-0026
CVE CVE-2015-0027
CVE CVE-2015-0028
CVE CVE-2015-0029
CVE CVE-2015-0030
CVE CVE-2015-0031
CVE CVE-2015-0035
CVE CVE-2015-0036
CVE CVE-2015-0037
CVE CVE-2015-0038
CVE CVE-2015-0039
CVE CVE-2015-0040
CVE CVE-2015-0041
CVE CVE-2015-0042
CVE CVE-2015-0043
CVE CVE-2015-0044
CVE CVE-2015-0045
CVE CVE-2015-0046
CVE CVE-2015-0048
CVE CVE-2015-0049
CVE CVE-2015-0050
CVE CVE-2015-0051
CVE CVE-2015-0052
CVE CVE-2015-0053
CVE CVE-2015-0054
CVE CVE-2015-0055
CVE CVE-2015-0066
CVE CVE-2015-0067
CVE CVE-2015-0068
CVE CVE-2015-0069
CVE CVE-2015-0070
CVE CVE-2015-0071
MSKB 3021952
MSKB 3034196
XREF MSFT:MS15-009
XREF CISA-KNOWN-EXPLOITED:2022/06/15
Plugin Information
Published: 2015/06/05, Modified: 2022/05/25
Plugin Output

tcp/445/cifs



KB : 3021952
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18715
81263 - MS15-010: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security patch. It is, therefore, affected by the following vulnerabilities :

- A privilege escalation vulnerability exists in the Windows kernel-mode driver that is caused by improperly handling objects in memory. (CVE-2015-0003, CVE-2015-0057)

- A security feature bypass vulnerability exists in the Cryptography Next Generation kernel-mode driver when failing to properly validate and enforce impersonation levels. (CVE-2015-0010)

- A privilege escalation vulnerability exists in the Windows kernel-mode driver due to a double-free condition. (CVE-2015-0058)

- A remote code execution vulnerability exists in the Windows kernel-mode driver that is caused when improperly handling TrueType fonts. (CVE-2015-0059)

- A denial of service vulnerability exists in the Windows kernel-mode driver that is caused when the Windows font mapper attempts to scale a font. (CVE-2015-0060)
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
9.0
EPSS Score
0.6527
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID 72457
BID 72461
BID 72466
BID 72468
BID 72470
BID 72472
CVE CVE-2015-0003
CVE CVE-2015-0010
CVE CVE-2015-0057
CVE CVE-2015-0058
CVE CVE-2015-0059
CVE CVE-2015-0060
MSKB 3013455
MSKB 3023562
MSKB 3036220
XREF MSFT:MS15-010
Exploitable With
Core Impact (true)
Plugin Information
Published: 2015/02/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3013455
- C:\Windows\system32\win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18713
81268 - MS15-015: Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability due to improper validation of the authorization of a caller's impersonation token when the caller's process uses SeAssignPrimaryTokenPrivilege. A local attacker, using a specially crafted program, can bypass the authorization check, resulting in an escalation of privileges.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.0145
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID 72458
CVE CVE-2015-0062
MSKB 3031432
XREF MSFT:MS15-015
XREF IAVA:2015-A-0035
Plugin Information
Published: 2015/02/10, Modified: 2019/11/25
Plugin Output

tcp/445/cifs



KB : 3031432
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18715
81733 - MS15-018: Cumulative Security Update for Internet Explorer (3032359)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3032359. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these by convincing a user to visit a specially crafted website.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.8855
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 72489
BID 72910
BID 72923
BID 72924
BID 72925
BID 72926
BID 72927
BID 72928
BID 72929
BID 72930
BID 72931
BID 72932
CVE CVE-2015-0032
CVE CVE-2015-0056
CVE CVE-2015-0072
CVE CVE-2015-0099
CVE CVE-2015-0100
CVE CVE-2015-1622
CVE CVE-2015-1623
CVE CVE-2015-1624
CVE CVE-2015-1625
CVE CVE-2015-1626
CVE CVE-2015-1627
CVE CVE-2015-1634
MSKB 3032359
XREF MSFT:MS15-018
Plugin Information
Published: 2015/03/10, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 3032359
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18751
81735 - MS15-020: Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836) (EASYHOOKUP)
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by the following vulnerabilities :

- A remote code execution vulnerability exists in Windows Text Services due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the execution of arbitrary code. (CVE-2015-0059)

- A remote code execution vulnerability exists due to improper loading of DLL files. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or remote network share, resulting in the execution of arbitrary code. (CVE-2015-0096) (EASYHOOKUP)

EASYHOOKUP is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.8707
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 72886
BID 72894
CVE CVE-2015-0081
CVE CVE-2015-0096
MSKB 3033889
MSKB 3039066
XREF MSFT:MS15-020
XREF IAVA:2015-A-0053
Exploitable With
CANVAS (true) Metasploit (true)
Plugin Information
Published: 2015/03/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3039066
- C:\Windows\system32\shell32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18762
81736 - MS15-021: Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution (3032323)
Synopsis
The Adobe Font driver on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by the following vulnerabilities in the Adobe Font driver :

- A flaw exists in the Adobe Font Driver due to improper allocation of memory. This allows a remote attacker, using a specially crafted font in a file or website, to cause a denial of service. (CVE-2015-0074)

- Multiple flaws exist in the Adobe Font Driver that allow a remote attacker, using specially crafted fonts, to obtain sensitive information from kernel memory. (CVE-2015-0087, CVE-2015-0089)

- Multiple flaws exist in the Adobe Font Driver due to improper validation of user-supplied input. A remote attacker can exploit this, using a specially crafted font in a file or website, to execute arbitrary code. (CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, CVE-2015-0092, CVE-2015-0093)
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, Windows RT, 2012, 8.1, Windows RT 8.1, and 2012 R2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.2439
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 72892
BID 72893
BID 72896
BID 72898
BID 72904
BID 72905
BID 72906
BID 72907
CVE CVE-2015-0074
CVE CVE-2015-0087
CVE CVE-2015-0088
CVE CVE-2015-0089
CVE CVE-2015-0090
CVE CVE-2015-0091
CVE CVE-2015-0092
CVE CVE-2015-0093
MSKB 3032323
XREF MSFT:MS15-021
Plugin Information
Published: 2015/03/10, Modified: 2019/11/22
Plugin Output

tcp/445/cifs



KB : 3032323
- C:\Windows\system32\atmfd.dll has not been patched.
Remote version : 5.1.2.230
Should be : 5.1.2.241
81737 - MS15-023: Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege (3034344)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The version of Windows running on the remote host is affected by the following vulnerabilities :

- Information disclosure vulnerabilities exist in the kernel-mode driver that can reveal portions of kernel memory. An attacker can exploit these and gain information about the system, which can then be used to launch further attacks. (CVE-2015-0077, CVE-2015-0094, CVE-2015-0095)

- A privilege escalation vulnerability exists in the kernel-mode driver due to improper validation of thread tokens. An authenticated attacker, using a specially crafted application, can exploit this issue to gain administrative credentials in order to elevate privileges. (CVE-2015-0078)
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.0255
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID 72897
BID 72902
BID 72935
BID 72936
CVE CVE-2015-0077
CVE CVE-2015-0078
CVE CVE-2015-0094
CVE CVE-2015-0095
MSKB 3034344
XREF MSFT:MS15-023
Plugin Information
Published: 2015/03/10, Modified: 2019/11/22
Plugin Output

tcp/445/cifs



KB : 3034344
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18773
81739 - MS15-025: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680)
Synopsis
The remote Windows host is affected by multiple privilege escalation vulnerabilities.
Description
The remote Windows host is affected by multiple privilege escalation vulnerabilities :

- An elevation of privilege vulnerability exists due to Windows Registry Virtualization improperly allowing a user to modify the virtual store of another user. A local attacker, with a specially crafted application, can exploit this vulnerability to take control of the account of another user who is logged on to the affected system. (CVE-2015-0073)

- An elevation of privilege vulnerability exists due to a failure to properly validate and enforce impersonation levels. A local attacker, with a specially crafted application, can exploit this vulnerability to bypass user account checks. (CVE-2015-0075)
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.

KB3035131 (MS15-025) has affected binaries in common with Security Advisory 3033929, which was released simultaneously. If you download and install updates manually, you should first install KB3035131 (MS15-025) before installing KB3033929. See the MS15-025 bulletin Update FAQ for more information.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.0139
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 72908
BID 72915
CVE CVE-2015-0073
CVE CVE-2015-0075
MSKB 3038680
MSKB 3035131
MSKB 3033929
MSKB 3033395
XREF MSFT:MS15-025
XREF IAVA:2015-A-0048
Plugin Information
Published: 2015/03/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3035131
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18738
82770 - MS15-032: Cumulative Security Update for Internet Explorer (3038314)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3038314. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website.

Note that KB3038314 was updated on April 22, 2015, for Internet Explorer for Windows Server 2003. If this update was installed prior to April 22, it will need to be reinstalled to be fully protected.
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.2954
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 73990
BID 73993
BID 73994
BID 73996
BID 73997
BID 74000
BID 74001
BID 74003
BID 74004
BID 74006
CVE CVE-2015-1652
CVE CVE-2015-1657
CVE CVE-2015-1659
CVE CVE-2015-1660
CVE CVE-2015-1661
CVE CVE-2015-1662
CVE CVE-2015-1665
CVE CVE-2015-1666
CVE CVE-2015-1667
CVE CVE-2015-1668
MSKB 3038314
XREF MSFT:MS15-032
Plugin Information
Published: 2015/04/14, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 3038314
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18806
82772 - MS15-035: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3046306)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The version of Microsoft's Graphics Component installed on the remote host is affected by a remote code execution vulnerability due to improper handling of specially crafted Enhanced Metafile (EMF) image format files by GDI+. A remote, unauthenticated attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing a specially crafted EMF file, resulting in execution of arbitrary code in the context of the current user.
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.4598
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 74008
CVE CVE-2015-1645
MSKB 3046306
XREF MSFT:MS15-035
Plugin Information
Published: 2015/04/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3046306
- C:\Windows\system32\gdi32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18778

82793 - MS15-037: Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability due to improper handling of invalid tasks in the Task Scheduler. If a known invalid task is present on the system, a local attacker can exploit the task to cause Task Scheduler to execute a crafted application with System privileges, possibly gaining further rights.
Solution
Microsoft has released a set of patches for Windows 7 and 2008 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0075
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 73989
CVE CVE-2015-0098
MSKB 3046269
XREF MSFT:MS15-037
XREF IAVA:2015-A-0088
Plugin Information
Published: 2015/04/15, Modified: 2019/11/22
Plugin Output

tcp/0


KB3046269 is not installed on this Windows 7 / Windows 2008 R2 system.

82774 - MS15-038: Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576)
Synopsis
The remote Windows host is affected by multiple privilege escalation vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple privilege escalation vulnerabilities :

- An elevation of privilege vulnerability exists due to NtCreateTransactionManager type confusion that allows an authenticated attacker to bypass impersonation-level security checks by running a specially crafted application. (CVE-2015-1643)

- An elevation of privilege vulnerability exists due to an MS-DOS device name handling flaw that allows an authenticated attacker to bypass impersonation-level security checks by running a specially crafted application. (CVE-2015-1644)
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
7.4
EPSS Score
0.0268
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
BID 73998
BID 74014
CVE CVE-2015-1643
CVE CVE-2015-1644
MSKB 3045685
MSKB 3045999
XREF MSFT:MS15-038
XREF IAVA:2015-A-0091
Exploitable With
Core Impact (true)
Plugin Information
Published: 2015/04/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3045999
- C:\Windows\system32\ntdll.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18798
83358 - MS15-043: Cumulative Security Update for Internet Explorer (3049563)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3049563. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website.
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.2472
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 74504
BID 74505
BID 74506
BID 74507
BID 74508
BID 74509
BID 74510
BID 74511
BID 74512
BID 74513
BID 74514
BID 74515
BID 74516
BID 74517
BID 74518
BID 74519
BID 74520
BID 74521
BID 74522
BID 74530
BID 74606
BID 74607
CVE CVE-2015-1658
CVE CVE-2015-1684
CVE CVE-2015-1685
CVE CVE-2015-1686
CVE CVE-2015-1688
CVE CVE-2015-1689
CVE CVE-2015-1691
CVE CVE-2015-1692
CVE CVE-2015-1694
CVE CVE-2015-1703
CVE CVE-2015-1704
CVE CVE-2015-1705
CVE CVE-2015-1706
CVE CVE-2015-1708
CVE CVE-2015-1709
CVE CVE-2015-1710
CVE CVE-2015-1711
CVE CVE-2015-1712
CVE CVE-2015-1713
CVE CVE-2015-1714
CVE CVE-2015-1717
CVE CVE-2015-1718
MSKB 3049563
XREF MSFT:MS15-043
Plugin Information
Published: 2015/05/12, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 3049563
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18835
83440 - MS15-044: Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by multiple vulnerabilities :

- An information disclosure vulnerability exists due to improper handling of OpenType fonts by the Windows DirectWrite library. A remote attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing a specially crafted OpenType font, resulting in the disclosure of sensitive information. (CVE-2015-1670)

- A remote code execution vulnerability exists due to improper handling of TrueType font files by the Windows DirectWrite library. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted document or visit a website containing a specially crafted TrueType font file, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-1671)
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013; and .NET Framework 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.8593
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 74485
BID 74490
CVE CVE-2015-1670
CVE CVE-2015-1671
MSKB 3048068
MSKB 3048070
MSKB 3048071
MSKB 3048072
MSKB 3048073
MSKB 3048074
MSKB 3048077
MSKB 3045171
MSKB 3065979
MSKB 2883029
MSKB 2881073
MSKB 3051467
MSKB 3051464
MSKB 3051465
MSKB 3051466
MSKB 3039779
MSKB 3056819
XREF MSFT:MS15-044
XREF CISA-KNOWN-EXPLOITED:2022/06/15
Plugin Information
Published: 2015/05/13, Modified: 2022/05/25
Plugin Output

tcp/445/cifs



KB : 3045171
- C:\Windows\system32\win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18834
83356 - MS15-048: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)
Synopsis
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities :

- A denial of service vulnerability exists in the Microsoft .NET Framework due to a recursion flaw that occurs when decrypting XML data. A remote attacker can exploit this, via specially crafted XML data, to degrade the performance of a .NET website. (CVE-2015-1672)

- A privilege escalation vulnerability exists in the Microsoft .NET Framework due to improper handling of objects in memory by .NET's Windows Forms (WinForms) libraries. A remote attacker can exploit this, via a specially crafted partial trust application, to escalate privileges. (CVE-2015-1673)
Solution
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and 4.5.2.
Risk Factor
High
VPR Score
5.5
EPSS Score
0.3919
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 74482
BID 74487
CVE CVE-2015-1672
CVE CVE-2015-1673
MSKB 3023211
MSKB 3023213
MSKB 3023215
MSKB 3023217
MSKB 3023219
MSKB 3023220
MSKB 3023221
MSKB 3023222
MSKB 3023223
MSKB 3023224
MSKB 3032655
MSKB 3032662
MSKB 3032663
MSKB 3035485
MSKB 3035486
MSKB 3035487
MSKB 3035488
MSKB 3035489
MSKB 3035490
XREF MSFT:MS15-048
XREF IAVA:2015-A-0105-S
Plugin Information
Published: 2015/05/12, Modified: 2020/05/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll has not been patched.
Remote version : 4.0.30319.18408
Should be : 4.0.30319.34252

- C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.security.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5490

- C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5491

- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll has not been patched.
Remote version : 4.0.30319.18408
Should be : 4.0.30319.34251
83370 - MS15-051: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The version of Windows running on the remote host is affected by multiple vulnerabilities :

- Multiple information disclosure vulnerabilities exist due to the Win32k.sys kernel-mode driver improperly handling objects in memory. A local attacker can exploit this to reveal private address information during a function call, resulting in the disclosure of kernel memory contents. (CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, CVE-2015-1680)

- A privilege escalation vulnerability exists due to the Win32k.sys kernel-mode driver improperly handling objects in memory. A local attacker can exploit this flaw, via a specially crafted application, to execute arbitrary code in kernel mode. This vulnerability is reportedly being exploited in the wild. (CVE-2015-1701)
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
9.7
EPSS Score
0.9018
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 74245
BID 74483
BID 74494
BID 74495
BID 74496
BID 74497
CVE CVE-2015-1676
CVE CVE-2015-1677
CVE CVE-2015-1678
CVE CVE-2015-1679
CVE CVE-2015-1680
CVE CVE-2015-1701
MSKB 3045171
MSKB 3057191
MSKB 3065979
XREF MSFT:MS15-051
XREF IAVA:2015-A-0108
XREF CISA-KNOWN-EXPLOITED:2022/03/24
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2015/05/12, Modified: 2022/03/08
Plugin Output

tcp/445/cifs



KB : 3045171
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18834
84053 - MS15-056: Cumulative Security Update for Internet Explorer (3058515)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3058515. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website.

Note that the majority of the vulnerabilities addressed by Cumulative Security Update 3058515 are mitigated by the Enhanced Security Configuration (ESC) mode which is enabled by default on Windows Server 2003, 2008, 2008 R2, 2012, and 2012 R2.
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.5716
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 74972
BID 74973
BID 74974
BID 74975
BID 74976
BID 74978
BID 74979
BID 74981
BID 74982
BID 74983
BID 74984
BID 74985
BID 74986
BID 74987
BID 74988
BID 74989
BID 74990
BID 74991
BID 74992
BID 74993
BID 74994
BID 74995
BID 74996
BID 74997
BID 75182
CVE CVE-2015-1687
CVE CVE-2015-1730
CVE CVE-2015-1731
CVE CVE-2015-1732
CVE CVE-2015-1735
CVE CVE-2015-1736
CVE CVE-2015-1737
CVE CVE-2015-1739
CVE CVE-2015-1740
CVE CVE-2015-1741
CVE CVE-2015-1742
CVE CVE-2015-1743
CVE CVE-2015-1744
CVE CVE-2015-1745
CVE CVE-2015-1747
CVE CVE-2015-1748
CVE CVE-2015-1750
CVE CVE-2015-1751
CVE CVE-2015-1752
CVE CVE-2015-1753
CVE CVE-2015-1754
CVE CVE-2015-1755
CVE CVE-2015-1765
CVE CVE-2015-1766
MSKB 3058515
XREF MSFT:MS15-056
Plugin Information
Published: 2015/06/09, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 3058515
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18870
84056 - MS15-060: Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability due to a use-after-free error in Microsoft Common Controls. A remote attacker can exploit this vulnerability by convincing a user to click a specially crafted link, resulting in the execution of arbitrary code in the context of the current user.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.4431
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 75017
CVE CVE-2015-1756
MSKB 3059317
XREF MSFT:MS15-060
XREF IAVA:2015-A-0125
Plugin Information
Published: 2015/06/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3059317
None of the versions of 'comctl32.dll' under C:\Windows\WinSxS
have been patched.
Fixed version : 5.82.7601.18837
84059 - MS15-061: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the Windows kernel-mode driver due to improper handling of buffer elements. A local attacker can exploit this vulnerability to request the contents of specific memory addresses. (CVE-2015-1719)

- An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to a use-after-free error. A remote attacker can exploit this vulnerability by convincing a user to run a specially crafted application, resulting in the execution of arbitrary code in kernel mode. (CVE-2015-1720)

- An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to a NULL pointer dereference flaw. A remote attacker can exploit this vulnerability by convincing a user to run a specially crafted application, resulting in the execution of arbitrary code in kernel mode. (CVE-2015-1721)

- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, with a specially crafted application, to escalate privileges to full administrative rights. (CVE-2015-1722, CVE-2015-1723, CVE-2015-1724, CVE-2015-1726)

- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improperly validated user-supplied input. A local attacker can exploit these vulnerabilities, with a specially crafted application, to escalate privileges to full administrative rights. (CVE-2015-1725, CVE-2015-1727)

- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to a failure to properly free memory. A local attacker can exploit these vulnerabilities, with a specially crafted application, to execute arbitrary code in the context of another user. (CVE-2015-1725, CVE-2015-1727)
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.1703
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID 74998
BID 74999
BID 75000
BID 75005
BID 75006
BID 75008
BID 75009
BID 75010
BID 75012
BID 75024
BID 75025
CVE CVE-2015-1719
CVE CVE-2015-1720
CVE CVE-2015-1721
CVE CVE-2015-1722
CVE CVE-2015-1723
CVE CVE-2015-1724
CVE CVE-2015-1725
CVE CVE-2015-1726
CVE CVE-2015-1727
CVE CVE-2015-1768
CVE CVE-2015-2360
MSKB 3057839
XREF MSFT:MS15-061
XREF CISA-KNOWN-EXPLOITED:2022/06/15
Exploitable With
Core Impact (true)
Plugin Information
Published: 2015/06/09, Modified: 2022/05/25
Plugin Output

tcp/445/cifs



KB : 3057839
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18869
84761 - MS15-065: Cumulative Security Update for Internet Explorer (3076321)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3076321. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website.

Hosts running Internet Explorer 10 or Internet Explorer 11 will not be fully protected until both security update 3065822 and security update 3075516 are applied to the system. Security update 3075516 may require manual installation depending on your patching method.

Note that the majority of the vulnerabilities addressed by Cumulative Security Update 3076321 are mitigated by the Enhanced Security Configuration (ESC) mode which is enabled by default on Windows Server 2003, 2008, 2008 R2, 2012, and 2012 R2.
Solution
Microsoft has released a set of patches for Internet Explorer 6, 7, 8, 9, 10, and 11.
Risk Factor
High
VPR Score
9.5
EPSS Score
0.8025
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 75626
BID 75631
BID 75636
BID 75677
BID 75679
BID 75687
BID 75689
BID 75690
BID 75745
CVE CVE-2015-1729
CVE CVE-2015-1733
CVE CVE-2015-1738
CVE CVE-2015-1767
CVE CVE-2015-2372
CVE CVE-2015-2383
CVE CVE-2015-2384
CVE CVE-2015-2385
CVE CVE-2015-2388
CVE CVE-2015-2389
CVE CVE-2015-2390
CVE CVE-2015-2391
CVE CVE-2015-2397
CVE CVE-2015-2398
CVE CVE-2015-2401
CVE CVE-2015-2402
CVE CVE-2015-2403
CVE CVE-2015-2404
CVE CVE-2015-2406
CVE CVE-2015-2408
CVE CVE-2015-2410
CVE CVE-2015-2411
CVE CVE-2015-2412
CVE CVE-2015-2413
CVE CVE-2015-2414
CVE CVE-2015-2419
CVE CVE-2015-2421
CVE CVE-2015-2422
CVE CVE-2015-2425
MSKB 3065822
MSKB 3075516
XREF MSFT:MS15-065
XREF CISA-KNOWN-EXPLOITED:2022/04/18
XREF CISA-KNOWN-EXPLOITED:2022/06/15
Plugin Information
Published: 2015/07/15, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 3065822
- C:\Windows\system32\Mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18896
84744 - MS15-072: Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability due to improper processing of bitmap conversions in the Windows graphics component. An authenticated attacker can exploit this, via a specially crafted application, to gain administrative privileges.
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0068
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2015-2364
MSKB 3069392
XREF MSFT:MS15-072
Plugin Information
Published: 2015/07/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3069392
- C:\Windows\system32\gdi32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18898
84747 - MS15-073: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by multiple vulnerabilities :

- Multiple privilege escalation vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, with a specially crafted application, to elevate privileges to full administrative rights. (CVE-2015-2363, CVE-2015-2365, CVE-2015-2366)

- An information disclosure vulnerability exists in the Windows kernel-mode driver due to improper handling of non-initialized values in memory. An attacker can exploit this vulnerability, with a specially crafted application, to leak memory addresses or other sensitive kernel information that can be used for further exploitation of the system. (CVE-2015-2367)

- An information disclosure vulnerability exists in the Windows kernel-mode driver due to improper handling of private address information during a function call. An attacker can exploit this vulnerability, with a specially crafted application, to request the contents of specific memory addresses. (CVE-2015-2381, CVE-2015-2382)
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.121
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2015-2363
CVE CVE-2015-2365
CVE CVE-2015-2366
CVE CVE-2015-2367
CVE CVE-2015-2381
CVE CVE-2015-2382
MSKB 3070102
XREF MSFT:MS15-073
XREF IAVA:2015-A-0162
Plugin Information
Published: 2015/07/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3070102
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18906
84748 - MS15-076: Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability in the Microsoft Remote Procedure Call (RPC) due to incorrectly allowing DCE/RPC connection reflection. A remote, authenticated attacker can exploit this vulnerability, with a specially crafted application, to elevate privileges.

Note that in order to exploit this issue, an attacker would first have to log onto the system.
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.1762
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2015-2370
MSKB 3067505
XREF MSFT:MS15-076
XREF IAVA:2015-A-0165
Plugin Information
Published: 2015/07/14, Modified: 2019/11/22
Plugin Output

tcp/445/cifs



KB : 3067505
- C:\Windows\system32\Rpcrt4.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18909
84746 - MS15-077: Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657)
Synopsis
The Adobe Font driver on the remote host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability in the Adobe Type Manager Font Driver (ATMFD) due to a failure to properly handle objects in memory. A local attacker can exploit this by running a specially crafted application, resulting in arbitrary code execution with elevated privileges.
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
High
VPR Score
9.7
EPSS Score
0.3121
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
CVE CVE-2015-2387
MSKB 3077657
XREF MSFT:MS15-077
XREF CISA-KNOWN-EXPLOITED:2022/03/24
Exploitable With
CANVAS (true)
Plugin Information
Published: 2015/07/14, Modified: 2022/03/08
Plugin Output

tcp/445/cifs



KB : 3077657
- C:\Windows\system32\atmfd.dll has not been patched.
Remote version : 5.1.2.230
Should be : 5.1.2.242
84882 - MS15-078: Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability in the Adobe Type Manager Library due to improper handling of OpenType fonts. A remote attacker can exploit this vulnerability by convincing a user to open a document or visit a website containing specially crafted OpenType fonts, resulting in the execution of arbitrary code in the context of the current user.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
VPR Score
9.6
EPSS Score
0.9175
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 75951
CVE CVE-2015-2426
MSKB 3079904
XREF MSFT:MS15-078
XREF CISA-KNOWN-EXPLOITED:2022/04/18
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2015/07/20, Modified: 2022/03/29
Plugin Output

tcp/445/cifs



KB : 3079904
- C:\Windows\system32\atmfd.dll has not been patched.
Remote version : 5.1.2.230
Should be : 5.1.2.243
85333 - MS15-079: Cumulative Security Update for Internet Explorer (3082442)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3082442. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website.

Note that the majority of the vulnerabilities addressed by Cumulative Security Update 3082442 are mitigated by the Enhanced Security Configuration (ESC) mode which is enabled by default on Windows Server 2003, 2008, 2008 R2, 2012, and 2012 R2.
Solution
Microsoft has released a set of patches for Internet Explorer 7, 8, 9, 10, and 11.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.2883
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 76188
BID 76189
BID 76190
BID 76191
BID 76192
BID 76193
BID 76194
BID 76195
BID 76196
BID 76197
BID 76198
BID 76199
BID 76202
CVE CVE-2015-2423
CVE CVE-2015-2441
CVE CVE-2015-2442
CVE CVE-2015-2443
CVE CVE-2015-2444
CVE CVE-2015-2445
CVE CVE-2015-2446
CVE CVE-2015-2447
CVE CVE-2015-2448
CVE CVE-2015-2449
CVE CVE-2015-2450
CVE CVE-2015-2451
CVE CVE-2015-2452
MSKB 3081436
MSKB 3078071
XREF MSFT:MS15-079
Plugin Information
Published: 2015/08/11, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 3078071
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18934
85348 - MS15-080 : Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to the Windows Adobe Type Manager Library not properly handling specially crafted OpenType fonts. An attacker can exploit these, by using a crafted document or web page with embedded OpenType fonts, to execute arbitrary code in the context of the current user. (CVE-2015-2432, CVE-2015-2458, CVE-2015-2459, CVE-2015-2460, CVE-2015-2461, CVE-2015-2462)

- Multiple remote code execution vulnerabilities exist in various components of Windows, .NET Framework, Office, Lync, and Silverlight due to a failure to properly handle TrueType fonts. An attacker can exploit these, by using a crafted document or web page with embedded TrueType fonts, to execute arbitrary code in the context of the current user. (CVE-2015-2435, CVE-2015-2455, CVE-2015-2456, CVE-2015-2463, CVE-2015-2464)

- A remote code execution vulnerability exists due to Microsoft Office not properly handling Office Graphics Library (OGL) fonts. An attacker can exploit this, by using a crafted document or web page with embedded OGL fonts, to execute arbitrary code in the context of the user. (CVE-2015-2431)

- A security feature bypass vulnerability exists due to a failure by the Windows kernel to properly initialize a memory address. An attacker, using a specially crafted application, can exploit this issue to bypass Kernel Address Space Layout Randomization (KASLR) and retrieve the base address of the kernel driver. (CVE-2015-2433)

- An elevation of privilege vulnerability exists due to a flaw in the Windows Client/Server Run-time Subsystem (CSRSS) when terminating a process when a user logs off. An attacker can exploit this vulnerability to run code that monitors the actions of users who log on to the system, allowing the disclosure of sensitive information which could be used to elevate privileges or execute code. (CVE-2015-2453)

- A security feature bypass vulnerability exists due to the Windows kernel-mode driver not properly validating and enforcing impersonation levels. An attacker can exploit this to gain elevated privileges on a targeted system. (CVE-2015-2454)

- A security feature bypass vulnerability exists due to the Windows shell not properly validating and enforcing impersonation levels. An attacker can exploit this to bypass impersonation-level security and gain elevated privileges on a targeted system. (CVE-2015-2465)
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Microsoft Lync 2010, 2010 Attendee, 2013 SP1, Microsoft Live Meeting 2007; and .NET Framework 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.6199
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 76203
BID 76207
BID 76209
BID 76210
BID 76211
BID 76213
BID 76215
BID 76216
BID 76218
BID 76223
BID 76225
BID 76235
BID 76238
BID 76239
BID 76240
BID 76241
CVE CVE-2015-2431
CVE CVE-2015-2432
CVE CVE-2015-2433
CVE CVE-2015-2435
CVE CVE-2015-2453
CVE CVE-2015-2454
CVE CVE-2015-2455
CVE CVE-2015-2456
CVE CVE-2015-2458
CVE CVE-2015-2459
CVE CVE-2015-2460
CVE CVE-2015-2461
CVE CVE-2015-2462
CVE CVE-2015-2463
CVE CVE-2015-2464
CVE CVE-2015-2465
MSKB 3054846
MSKB 3054890
MSKB 3055014
MSKB 3072303
MSKB 3072305
MSKB 3072306
MSKB 3072307
MSKB 3072309
MSKB 3072310
MSKB 3072311
MSKB 3075590
MSKB 3075591
MSKB 3075592
MSKB 3075593
MSKB 3078601
MSKB 3080333
MSKB 3081436
XREF MSFT:MS15-080
XREF IAVA:2015-A-0196
Exploitable With
Metasploit (true)
Plugin Information
Published: 2015/08/12, Modified: 2019/11/22
Plugin Output

tcp/445/cifs



KB : 3078601
- C:\Windows\system32\atmfd.dll has not been patched.
Remote version : 5.1.2.230
Should be : 5.1.2.245
85332 - MS15-082: Vulnerability in RDP Could Allow Remote Code Execution (3080348)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by the following vulnerabilities :

- A spoofing vulnerability exists due to the Remote Desktop Session Host (RDSH) not properly validating certificates during authentication. A man-in-the-middle attacker can exploit this to impersonate a client session by spoofing a TLS/SSL server via a certificate that appears valid. (CVE-2015-2472)

- A code execution vulnerability exists due to the Remote Desktop Protocol client not properly handling the loading of certain specially crafted DLL files. An attacker, by placing a malicious DLL in the user's current working directory and convincing the user to open a crafted RDP file, can exploit this issue to execute arbitrary code in the context of the user. (CVE-2015-2473)
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 8.1, 2012, 2012 R2, RT, and RT 8.1.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.3177
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 76224
BID 76228
CVE CVE-2015-2472
CVE CVE-2015-2473
MSKB 3075220
MSKB 3075221
MSKB 3075222
MSKB 3075226
XREF MSFT:MS15-082
XREF IAVA:2015-A-0190
Plugin Information
Published: 2015/08/11, Modified: 2019/11/22
Plugin Output

tcp/445/cifs



KB : 3075220
- C:\Windows\system32\mstscax.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18918
85330 - MS15-085: Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Mount Manager component due to improper processing of symbolic links. A local attacker can exploit this vulnerability by inserting a malicious USB device into a user's system, allowing the writing of a malicious binary to disk and the execution of arbitrary code.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
VPR Score
7.4
EPSS Score
0.3179
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
BID 76222
CVE CVE-2015-1769
MSKB 3082487
MSKB 3071756
XREF MSFT:MS15-085
XREF IAVA:2015-A-0192
XREF CISA-KNOWN-EXPLOITED:2022/06/15
Plugin Information
Published: 2015/08/11, Modified: 2023/04/25
Plugin Output

tcp/445/cifs



KB : 3071756
- C:\Windows\system32\ntdll.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18933
85322 - MS15-090: Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716)
Synopsis
The remote Windows host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is affected by multiple elevation of privilege vulnerabilities in Windows Object Manager :

- A flaw exists in Windows Object Manager due to a failure to properly validate and enforce impersonation levels. A remote, authenticated attacker can exploit this vulnerability, via a specially crafted application, to bypass impersonation-level security, resulting in a privilege escalation. (CVE-2015-2428)

- A flaw exists in Windows Object Manager due to a failure to properly restrict certain registry interactions from within vulnerable sandboxed applications. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted file that invokes a vulnerable sandboxed application, to interact with the registry and escape the application sandbox, resulting in a privilege escalation. (CVE-2015-2429)

- A flaw exists in Windows Object Manager due to a failure to properly restrict certain filesystem interactions from within vulnerable sandboxed applications. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted file that invokes a vulnerable sandboxed application, to interact with the filesystem and escape the application sandbox, resulting in a privilege escalation. (CVE-2015-2430)
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0658
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 76227
BID 76231
BID 76233
CVE CVE-2015-2428
CVE CVE-2015-2429
CVE CVE-2015-2430
MSKB 3060716
XREF MSFT:MS15-090
XREF IAVA:2015-A-0193
Plugin Information
Published: 2015/08/11, Modified: 2019/11/22
Plugin Output

tcp/445/cifs



KB : 3060716
- C:\Windows\system32\ntdll.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18923
85540 - MS15-093: Security Update for Internet Explorer (3088903)
Synopsis
The remote host has a web browser installed that is affected by a remote code execution vulnerability.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3088903. It is, therefore, affected by a remote code execution vulnerability due to a memory corruption issue caused by improper accessing of objects in memory. An unauthenticated, remote attacker can exploit this issue by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
Solution
Microsoft has released a set of patches for Internet Explorer 7, 8, 9, 10, and 11.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.2487
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 76403
CVE CVE-2015-2502
MSKB 3081444
MSKB 3087985
XREF MSFT:MS15-093
XREF CISA-KNOWN-EXPLOITED:2022/05/04
Plugin Information
Published: 2015/08/19, Modified: 2022/04/22
Plugin Output

tcp/445/cifs



KB : 3087985
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18968
85845 - MS15-094: Cumulative Security Update for Internet Explorer (3089548)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3089548. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.

Note that the majority of the vulnerabilities addressed by Cumulative Security Update 3089548 are mitigated by the Enhanced Security Configuration (ESC) mode which is enabled by default on Windows Server 2003, 2008, 2008 R2, 2012, and 2012 R2.
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.299
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 76570
BID 76571
BID 76572
BID 76573
BID 76574
BID 76575
BID 76576
BID 76577
BID 76578
BID 76579
BID 76580
BID 76581
BID 76582
BID 76583
BID 76584
BID 76585
BID 76586
CVE CVE-2015-2483
CVE CVE-2015-2484
CVE CVE-2015-2485
CVE CVE-2015-2486
CVE CVE-2015-2487
CVE CVE-2015-2489
CVE CVE-2015-2490
CVE CVE-2015-2491
CVE CVE-2015-2492
CVE CVE-2015-2493
CVE CVE-2015-2494
CVE CVE-2015-2496
CVE CVE-2015-2498
CVE CVE-2015-2499
CVE CVE-2015-2500
CVE CVE-2015-2501
CVE CVE-2015-2541
CVE CVE-2015-2542
MSKB 3087038
MSKB 3081455
XREF MSFT:MS15-094
Plugin Information
Published: 2015/09/08, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 3087038
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.18969
85877 - MS15-097: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists in the Windows Adobe Type Manager Library due to improper handling of specially crafted OpenType fonts. An authenticated, remote attacker can exploit this vulnerability, via a specially crafted application, to elevate privileges and execute arbitrary code. (CVE-2015-2506)

- Multiple elevation of privilege vulnerabilities exist in the Windows Adobe Type Manager Library due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary code. (CVE-2015-2507, CVE-2015-2508, CVE-2015-2512)

- A remote code execution vulnerability exists in components of Windows, Office, and Lync due to improper handling of specially crafted OpenType fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing specially crafted OpenType fonts, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-2510)

- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2015-2511, CVE-2015-2517, CVE-2015-2518, CVE-2015-2546)

- An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper validation and enforcement of integrity levels during certain process initialization scenarios. A local attacker can exploit this vulnerability, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2015-2527)

- A security feature bypass vulnerability exists due to a failure by the Windows kernel to properly initialize a memory address. A local attacker can exploit this, via a specially crafted application, to bypass Kernel Address Space Layout Randomization (KASLR) and retrieve the base address of the kernel driver. (CVE-2015-2529)
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Lync 2010, Lync 2010 Attendee, Lync 2013 (Skype for Business), Lync Basic 2013, and Live Meeting 2007.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.706
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 76563
BID 76589
BID 76591
BID 76592
BID 76593
BID 76597
BID 76599
BID 76602
BID 76606
BID 76607
BID 76608
CVE CVE-2015-2506
CVE CVE-2015-2507
CVE CVE-2015-2508
CVE CVE-2015-2510
CVE CVE-2015-2511
CVE CVE-2015-2512
CVE CVE-2015-2517
CVE CVE-2015-2518
CVE CVE-2015-2527
CVE CVE-2015-2529
CVE CVE-2015-2546
MSKB 3085529
MSKB 3085546
MSKB 3085500
MSKB 3081087
MSKB 3081088
MSKB 3081089
MSKB 3081090
MSKB 3087039
MSKB 3087135
MSKB 3081455
XREF MSFT:MS15-097
XREF IAVA:2015-A-0212
XREF CISA-KNOWN-EXPLOITED:2022/04/05
Plugin Information
Published: 2015/09/09, Modified: 2022/03/28
Plugin Output

tcp/445/cifs



KB : 3087039
- C:\Windows\system32\atmfd.dll has not been patched.
Remote version : 5.1.2.230
Should be : 5.1.2.246
85847 - MS15-101: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)
Synopsis
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the Microsoft .NET Framework :

- An elevation of privilege vulnerability exists due to improper validation of the number of objects in memory before they are copied into an array. A remote, unauthenticated attacker can exploit this to bypass Code Access Security (CAS) restrictions by convincing a user to run an untrusted .NET application or to visit a website containing a malicious XAML browser application. (CVE-2015-2504)

- A denial of service vulnerability exists due to improper handling of specially crafted requests to an ASP .NET server. A remote, unauthenticated attacker can exploit this to degrade performance. (CVE-2015-2526)
Solution
Microsoft has released a set of patches for .NET Framework 2.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.3184
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID 76560
BID 76567
CVE CVE-2015-2504
CVE CVE-2015-2526
MSKB 3074228
MSKB 3074229
MSKB 3074230
MSKB 3074231
MSKB 3074232
MSKB 3074233
MSKB 3074541
MSKB 3074543
MSKB 3074544
MSKB 3074545
MSKB 3074547
MSKB 3074548
MSKB 3074549
MSKB 3074550
MSKB 3074552
MSKB 3074553
MSKB 3074554
MSKB 3081455
XREF MSFT:MS15-101
XREF IAVA:2015-A-0213-S
Plugin Information
Published: 2015/09/08, Modified: 2020/05/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.DataAnnotations.dll has not been patched.
Remote version : 4.0.30319.18408
Should be : 4.0.30319.34268

- C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.drawing.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5492

- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll has not been patched.
Remote version : 4.0.30319.18408
Should be : 4.0.30319.34270
85844 - MS15-102: Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (3089657)
Synopsis
The remote Windows host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is affected by multiple elevation of privilege vulnerabilities in Windows Task Management :

- An elevation of privilege vulnerability exists due to a failure to properly validate and enforce impersonation levels. An authenticated, remote attacker can exploit this, via a specially crafted application, to bypass impersonation-level security checks and gain elevated privileges. (CVE-2015-2524)

- An elevation of privilege vulnerability exists in Windows Task Scheduler due to improper verification of certain file system interactions. An authenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code in the security context of the local system. (CVE-2015-2525)

- An elevation of privilege vulnerability exists due to a failure to properly validate and enforce impersonation levels. An authenticated, remote attacker can exploit this, via a specially crafted application, to bypass impersonation-level security checks and gain elevated privileges. (CVE-2015-2528)
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.2527
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 76587
BID 76590
BID 76653
CVE CVE-2015-2524
CVE CVE-2015-2525
CVE CVE-2015-2528
MSKB 3084135
MSKB 3082089
MSKB 3081455
XREF MSFT:MS15-102
XREF IAVA:2015-A-0215
Exploitable With
CANVAS (true)
Plugin Information
Published: 2015/09/08, Modified: 2019/11/22
Plugin Output

tcp/445/cifs



KB : 3084135
- C:\Windows\system32\schedsvc.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18951
86366 - MS15-109: Security Update for Windows Shell to Address Remote Code Execution (3096443)
Synopsis
The remote host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is affected by the following vulnerabilities :

- A remote code execution vulnerability exists in the Windows shell due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted toolbar object, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2515)

- A privilege escalation vulnerability exists in the Microsoft Tablet Input Band due to improper handling of objects in memory. A remote attacker can exploit this vulnerability to gain the same user rights as the current user by convincing a user to visit a specially crafted website. (CVE-2015-2548)
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.5952
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 76981
BID 76989
CVE CVE-2015-2515
CVE CVE-2015-2548
MSKB 3080446
MSKB 3096443
MSKB 3093513
MSKB 3097617
XREF MSFT:MS15-109
XREF IAVA:2015-A-0245
Plugin Information
Published: 2015/10/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3080446
- C:\Windows\system32\shell32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18952
86373 - MS15-111: Security Update for Windows Kernel to Address Elevation of Privilege (3096447)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by the following vulnerabilities :

- Multiple elevation of privilege vulnerabilities exist in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2015-2549, CVE-2015-2550, CVE-2015-2554)

- A security feature bypass vulnerability exists due to a failure to properly enforce the Windows Trusted Boot policy. A local attacker can exploit this, via a specially crafted Boot Configuration Data (BCD) setting, to disable code integrity checks, resulting in the execution of test-signed executables and drivers. Additionally, a local attacker can exploit this vulnerability to bypass Trusted Boot integrity validation for BitLocker and Device Encryption security features. (CVE-2015-2552)

- An elevation of privilege vulnerability exists due to improper validation of junctions in certain scenarios in which mount points are being created. An unauthenticated, remote attacker can exploit this in conjunction with another vulnerability to execute arbitrary code in the context of the current user. (CVE-2015-2553)
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.1133
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 76994
BID 76998
BID 76999
BID 77004
BID 77014
CVE CVE-2015-2549
CVE CVE-2015-2550
CVE CVE-2015-2552
CVE CVE-2015-2553
CVE CVE-2015-2554
MSKB 3088195
MSKB 3097617
XREF MSFT:MS15-111
XREF IAVA:2015-A-0242
Plugin Information
Published: 2015/10/13, Modified: 2019/11/20
Plugin Output

tcp/445/cifs



KB : 3088195
- C:\Windows\system32\Ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19018
86819 - MS15-112: Cumulative Security Update for Internet Explorer (3104517)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3104517. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.6149
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 77439
BID 77440
BID 77441
BID 77442
BID 77443
BID 77444
BID 77445
BID 77446
BID 77447
BID 77448
BID 77449
BID 77450
BID 77451
BID 77452
BID 77453
BID 77454
BID 77455
BID 77456
BID 77457
BID 77459
BID 77461
BID 77467
BID 77468
BID 77469
BID 77470
CVE CVE-2015-2427
CVE CVE-2015-6064
CVE CVE-2015-6065
CVE CVE-2015-6066
CVE CVE-2015-6068
CVE CVE-2015-6069
CVE CVE-2015-6070
CVE CVE-2015-6071
CVE CVE-2015-6072
CVE CVE-2015-6073
CVE CVE-2015-6074
CVE CVE-2015-6075
CVE CVE-2015-6076
CVE CVE-2015-6077
CVE CVE-2015-6078
CVE CVE-2015-6079
CVE CVE-2015-6080
CVE CVE-2015-6081
CVE CVE-2015-6082
CVE CVE-2015-6084
CVE CVE-2015-6085
CVE CVE-2015-6086
CVE CVE-2015-6087
CVE CVE-2015-6088
CVE CVE-2015-6089
MSKB 3100773
MSKB 3105213
MSKB 3105211
XREF MSFT:MS15-112
Plugin Information
Published: 2015/11/10, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 3100773
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.19038
86822 - MS15-115: Security Update for Microsoft Windows to Address Remote Code Execution (3105864)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by the following vulnerabilities :

- Multiple elevation of privilege vulnerabilities exist that are related to the handling of objects in memory. A local attacker can exploit these, via a crafted application, to run arbitrary code in kernel mode. (CVE-2015-6100, CVE-2015-6101)

- Multiple information disclosure vulnerabilities exist due to a failure to properly initialize memory addresses. A local attacker can exploit these, via a specially crafted application, to bypass the Kernel Address Space Layout Randomization (KASLR) and retrieve the base address of the Kernel driver from a compromised process. (CVE-2015-6102, CVE-2015-6109)

- Multiple remote code execution vulnerabilities exist in the Adobe Type Manager Library due to improper handling of specially crafted fonts. An unauthenticated, remote attacker can exploit these, via a crafted document or web page, to execute arbitrary code. (CVE-2015-6103, CVE-2015-6104)

- A security feature bypass vulnerability exists due to improper validation of permissions. A local attacker can exploit this to interact with the file system in an inappropriate manner to modify files, by using a crafted, low-integrity-level, user-mode application. (CVE-2015-6113)
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.5454
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 77458
BID 77460
BID 77462
BID 77463
BID 77464
BID 77465
BID 77466
CVE CVE-2015-6100
CVE CVE-2015-6101
CVE CVE-2015-6102
CVE CVE-2015-6103
CVE CVE-2015-6104
CVE CVE-2015-6109
CVE CVE-2015-6113
MSKB 3097877
MSKB 3101746
MSKB 3105211
MSKB 3105213
XREF MSFT:MS15-115
XREF IAVA:2015-A-0299
Plugin Information
Published: 2015/11/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3097877
- C:\Windows\system32\win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19054

KB : 3101746
- C:\Windows\system32\ntdll.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19045
86824 - MS15-117: Security Update for NDIS to Address Elevation of Privilege (3101722)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Network Driver Interface Specification (NDIS) due to a failure to check the length of a buffer prior to copying it into memory. An authenticated, remote attacker can exploit this vulnerability, via a specially crafted application, to gain elevated privileges on the system.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, and 2008 R2.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.0273
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
BID 77473
CVE CVE-2015-6098
MSKB 3101722
XREF MSFT:MS15-117
XREF IAVA:2015-A-0277
Exploitable With
Core Impact (true)
Plugin Information
Published: 2015/11/10, Modified: 2019/11/20
Plugin Output

tcp/445/cifs



KB : 3101722
- C:\Windows\system32\drivers\ndis.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19030
86826 - MS15-119: Security Update for Winsock to Address Elevation of Privilege (3104521)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability due to a flaw in Winsock in which a call is made to a memory address without verifying that the address is valid. An authenticated, remote attacker can exploit this, via a specially crafted application, to gain elevated privileges on the host.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0212
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 77478
CVE CVE-2015-2478
MSKB 3092601
MSKB 3105211
MSKB 3105213
XREF MSFT:MS15-119
XREF IAVA:2015-A-0276
Plugin Information
Published: 2015/11/10, Modified: 2019/11/20
Plugin Output

tcp/445/cifs



KB : 3092601
- C:\Windows\system32\drivers\Afd.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19031
87257 - MS15-128: Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)
Synopsis
The remote host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is affected by multiple remote code execution vulnerabilities due to improper handling of embedded fonts by the Windows font library. A remote attacker can exploit these by convincing a user to open a file or visit a website containing a specially crafted embedded font, resulting in execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013, Skype for Business 2016, Live Meeting 2007 Console, Silverlight; and .NET framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5.1, 4.5.2, and 4.6.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.4941
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 78497
BID 78498
BID 78499
CVE CVE-2015-6106
CVE CVE-2015-6107
CVE CVE-2015-6108
MSKB 3085612
MSKB 3085616
MSKB 3099860
MSKB 3099862
MSKB 3099863
MSKB 3099864
MSKB 3099866
MSKB 3099869
MSKB 3099874
MSKB 3106614
MSKB 3109094
MSKB 3114351
MSKB 3114372
MSKB 3114478
MSKB 3115871
MSKB 3115872
MSKB 3115873
MSKB 3115875
MSKB 3116869
MSKB 3116900
XREF MSFT:MS15-128
XREF IAVA:2015-A-0308
Plugin Information
Published: 2015/12/08, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3109094
- C:\Windows\system32\dwrite.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19061
87259 - MS15-130: Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability due to improper parsing of fonts by Uniscribe. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted document or visit an untrusted website that contains specially crafted embedded fonts, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows 7 and 2008 R2.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.2616
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 78500
CVE CVE-2015-6130
MSKB 3108670
XREF MSFT:MS15-130
XREF IAVA:2015-A-0301
Plugin Information
Published: 2015/12/08, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3108670
- C:\Windows\SysWOW64\Usp10.dll has not been patched.
Remote version : 1.626.7601.17514
Should be : 1.626.7601.19054
87261 - MS15-132: Security Update for Microsoft Windows to Address Remote Code Execution (3116162)
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is affected by multiple remote code execution vulnerabilities due to improper input validation when libraries are linked. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
VPR Score
8.4
EPSS Score
0.73
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
BID 78496
BID 78614
BID 78615
CVE CVE-2015-6128
CVE CVE-2015-6132
CVE CVE-2015-6133
MSKB 3108347
MSKB 3108371
MSKB 3108381
MSKB 3116162
MSKB 3116869
MSKB 3116900
XREF MSFT:MS15-132
XREF IAVB:2015-B-0143
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2015/12/08, Modified: 2019/11/20
Plugin Output

tcp/445/cifs



KB : 3108381
- C:\Windows\system32\comsvcs.dll has not been patched.
Remote version : 2001.12.8530.16385
Should be : 2001.12.8531.19062
87262 - MS15-133: Security Update for Windows PGM to Address Elevation of Privilege (3116130)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability in the Pragmatic General Multicast (PGM) protocol, installed with the MSMQ service, due to a race condition that can result in references being made to already freed memory. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges on the affected host.
See Also
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0058
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 78509
CVE CVE-2015-6126
MSKB 3109103
MSKB 3116869
MSKB 3116900
XREF MSFT:MS15-133
XREF IAVA:2015-A-0304
Plugin Information
Published: 2015/12/08, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3109103
- C:\Windows\system32\drivers\Rmcast.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19055
87264 - MS15-135: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075)
Synopsis
The remote Windows host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is affected by multiple elevation of privilege vulnerabilities due to improper handling of objects in memory by the Windows kernel. An authenticated, remote attacker can exploit these vulnerabilities by running a specially crafted application, resulting in an elevation of privileges.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.0173
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 78506
BID 78510
BID 78513
BID 78514
CVE CVE-2015-6171
CVE CVE-2015-6173
CVE CVE-2015-6174
CVE CVE-2015-6175
MSKB 3109094
MSKB 3116869
MSKB 3116900
XREF MSFT:MS15-135
XREF IAVA:2015-A-0299
XREF CISA-KNOWN-EXPLOITED:2022/06/15
Exploitable With
Core Impact (true)
Plugin Information
Published: 2015/12/08, Modified: 2022/05/25
Plugin Output

tcp/445/cifs



KB : 3109094
- C:\Windows\system32\win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19061
87877 - MS16-001: Cumulative Security Update for Internet Explorer (3124903)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3124903. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the VBScript engine due to improper handling of objects in memory. An attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a Microsoft Office document containing an embedded ActiveX control, resulting in execution of arbitrary code in the context of the current user. (CVE-2016-0002)

- An elevation of privilege vulnerability exists due to improper enforcement of cross-domain policies. An attacker can exploit this vulnerability to access information from one domain and inject it into another domain, resulting in a bypass of the cross-origin policy and an elevation of privileges. (CVE-2016-0005)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.

Note that Windows 10 with Citrix XenDesktop installed will not be offered the patch due to an issue with the XenDesktop software that prevents users from logging on when the patch is applied. To apply the patch you must first uninstall XenDesktop or contact Citrix for help with the issue.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.4722
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:U/RL:OF/RC:C)
References
BID 79892
BID 79894
CVE CVE-2016-0002
CVE CVE-2016-0005
MSKB 3124275
MSKB 3124266
MSKB 3124263
XREF MSFT:MS16-001
Plugin Information
Published: 2016/01/12, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 3124275
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.19104
87892 - MS16-005: Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the Windows graphics device interface due to improper handling of objects in memory. An attacker can exploit this to bypass the Address Space Layout Randomization (ASLR) feature, resulting in the ability to predict memory offsets in a call stack. (CVE-2016-0008)

- A remote code execution vulnerability exists due to improper handling of objects in memory. An attacker can exploit this vulnerability by convincing a user to visit a specially crafted website, resulting in execution of arbitrary code in the context of the current user. (CVE-2016-0008)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.

Note that Windows 10 with Citrix XenDesktop installed will not be offered the patch due to an issue with the XenDesktop software that prevents users from logging on when the patch is applied. To apply the patch you must first uninstall XenDesktop or contact Citrix for help with the issue.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2457
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 79885
BID 79887
CVE CVE-2016-0008
CVE CVE-2016-0009
MSKB 3124000
MSKB 3124001
MSKB 3124263
MSKB 3124266
XREF MSFT:MS16-005
Plugin Information
Published: 2016/01/13, Modified: 2019/11/22
Plugin Output

tcp/445/cifs



KB : 3124001
- C:\Windows\system32\gdi32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19091
87881 - MS16-008: Security Update for Windows Kernel to Address Elevation of Privilege (3124605)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities due to improper validation of reparse points that have been set by sandbox applications. A local attacker can exploit these vulnerabilities, via a crafted application, to gain elevated privileges and take complete control of the affected system.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.

Note that Windows 10 with Citrix XenDesktop installed will not be offered the patch due to an issue with the XenDesktop software that prevents users from logging on when the patch is applied. To apply the patch you must first uninstall XenDesktop or contact Citrix for help with the issue.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.0422
CVSS v2.0 Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:H/RL:OF/RC:C)
References
BID 79882
BID 79898
CVE CVE-2016-0006
CVE CVE-2016-0007
MSKB 3121212
MSKB 3124263
MSKB 3124266
XREF MSFT:MS16-008
Plugin Information
Published: 2016/01/12, Modified: 2019/11/22
Plugin Output

tcp/445/cifs



KB : 3121212
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19110
88646 - MS16-014: Security Update for Microsoft Windows to Address Remote Code Execution (3134228)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a crafted application, to run arbitrary code in kernel mode and therefore take control of the affected system. (CVE-2016-0040)

- Multiple code execution vulnerabilities exist due to improper validation of user-supplied input when loading DLL files. A local attacker can exploit these, via a specially crafted application, to execute arbitrary code. (CVE-2016-0041, CVE-2016-0042)

- A denial of service vulnerability exists in Microsoft Sync Framework due to improper processing of crafted input that uses the 'change batch' structure. An authenticated, remote attacker can exploit this, via specially crafted packets sent to the SyncShareSvc service, to cause the service to stop responding. (CVE-2016-0044)

- A security feature bypass vulnerability exists when Kerberos fails to check the password change of a user signing into a workstation. An attacker can exploit this, by connecting the workstation to a malicious Kerberos Key Distribution Center, to bypass Kerberos authentication on a target machine, thus allowing decryption of drives protected by BitLocker. (CVE-2016-0049)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.789
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 82505
BID 82510
BID 82511
BID 82515
CVE CVE-2016-0040
CVE CVE-2016-0041
CVE CVE-2016-0042
CVE CVE-2016-0044
CVE CVE-2016-0049
MSKB 3126041
MSKB 3126587
MSKB 3126593
MSKB 3126434
MSKB 3135174
MSKB 3135173
XREF MSFT:MS16-014
XREF IAVA:2016-A-0050
XREF CISA-KNOWN-EXPLOITED:2022/04/18
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2016/02/09, Modified: 2022/03/29
Plugin Output

tcp/445/cifs



KB : 3126587
- C:\Windows\system32\advapi32.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.19135

KB : 3126593
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19117
88650 - MS16-018: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability in the Windows kernel-mode driver due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code in kernel mode.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0068
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 82708
CVE CVE-2016-0048
MSKB 3134214
MSKB 3135174
MSKB 3135173
XREF MSFT:MS16-018
Plugin Information
Published: 2016/02/09, Modified: 2019/11/20
Plugin Output

tcp/445/cifs



KB : 3134214
- C:\Windows\system32\win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19113
88651 - MS16-019: Security Update for .NET Framework to Address Denial of Service (3137893)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the .NET Framework :

- A denial of service vulnerability exists due to improper handling of certain Extensible Stylesheet Language Transformations (XSLT). A remote attacker can exploit this, via specially crafted XSLT inserted into a client-side web part, to cause the server to recursively compile XSLT transforms, resulting in significant degradation of server performance. (CVE-2016-0033)

- An information disclosure vulnerability exists in Windows Forms due to improper handling of icon data. A remote attacker can exploit this, by uploading a specially crafted icon, to capture information that is returned within the icon's data. (CVE-2016-0047)
See Also
Solution
Microsoft has released a set of patches for .NET framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5.1, 4.5.2, 4.6, and 4.6.1.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.2328
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 82717
BID 82738
CVE CVE-2016-0033
CVE CVE-2016-0047
MSKB 3122646
MSKB 3122648
MSKB 3122649
MSKB 3122651
MSKB 3122654
MSKB 3122655
MSKB 3122656
MSKB 3122658
MSKB 3122660
MSKB 3122661
MSKB 3127219
MSKB 3127220
MSKB 3127221
MSKB 3127222
MSKB 3127226
MSKB 3127227
MSKB 3127230
MSKB 3127231
MSKB 3127233
MSKB 3135173
MSKB 3135174
XREF MSFT:MS16-019
XREF IAVB:2016-B-0024-S
Plugin Information
Published: 2016/02/09, Modified: 2020/05/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.drawing.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5495
89749 - MS16-026: Security Update for Graphic Fonts to Address Remote Code Execution (3143148)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by multiple vulnerabilities in the Adobe Type Manager Library :

- A denial of service vulnerability exists due to improper handling of OpenType fonts. A remote attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing specially crafted embedded OpenType fonts, resulting in a denial of service condition. (CVE-2016-0120)

- A remote code execution vulnerability exists due to improper handling of specially crafted fonts. A remote attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing specially crafted embedded OpenType fonts, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0121)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.5259
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 84027
BID 84071
CVE CVE-2016-0120
CVE CVE-2016-0121
MSKB 3140735
MSKB 3140745
MSKB 3140768
XREF MSFT:MS16-026
Plugin Information
Published: 2016/03/08, Modified: 2019/11/20
Plugin Output

tcp/445/cifs



KB : 3140735
- C:\Windows\system32\atmfd.dll has not been patched.
Remote version : 5.1.2.230
Should be : 5.1.2.247
89753 - MS16-030: Security Update for Windows OLE to Address Remote Code Execution (3143136)
Synopsis
The remote Windows host is affected by multiple remote code execution vulnerabilities.
Description
The remote Windows host is affected by multiple remote code execution vulnerabilities in Microsoft Windows OLE due to improper validation of user-supplied input. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.4721
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 83944
BID 84125
CVE CVE-2016-0091
CVE CVE-2016-0092
MSKB 3139940
MSKB 3140745
MSKB 3140768
XREF MSFT:MS16-030
XREF IAVA:2016-A-0062
Plugin Information
Published: 2016/03/08, Modified: 2019/11/20
Plugin Output

tcp/445/cifs



KB : 3139940
- C:\Windows\system32\oleaut32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19144
89754 - MS16-031: Security Update for Microsoft Windows to Address Elevation of Privilege (3140410)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability due to a failure to properly sanitize handles in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to gain elevated privileges, allowing the execution of arbitrary code as System.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, and 2008 R2.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0099
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 84032
CVE CVE-2016-0087
MSKB 3140410
XREF MSFT:MS16-031
Plugin Information
Published: 2016/03/08, Modified: 2019/11/20
Plugin Output

tcp/445/cifs



KB : 3140410
- C:\Windows\system32\Ntdll.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19160
89755 - MS16-032: Security Update for Secondary Logon to Address Elevation of Privilege (3143141)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Windows Secondary Logon Service due to improper management of request handles in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to elevate privileges, allowing the execution of arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.9043
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 84034
CVE CVE-2016-0099
MSKB 3139914
MSKB 3140768
MSKB 3140745
XREF MSFT:MS16-032
XREF IAVB:2016-B-0049
XREF CISA-KNOWN-EXPLOITED:2022/03/24
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2016/03/08, Modified: 2022/03/08
Plugin Output

tcp/445/cifs



KB : 3139914
- C:\Windows\system32\seclogon.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19148
89756 - MS16-034: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple flaws in the Win32k kernel-mode driver due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to elevate privileges, allowing the execution of arbitrary code in kernel mode.
See Also
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.1802
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 84054
BID 84066
BID 84069
BID 84072
CVE CVE-2016-0093
CVE CVE-2016-0094
CVE CVE-2016-0095
CVE CVE-2016-0096
MSKB 3140768
MSKB 3139852
MSKB 3143145
MSKB 3140745
XREF MSFT:MS16-034
Plugin Information
Published: 2016/03/08, Modified: 2019/11/20
Plugin Output

tcp/445/cifs



KB : 3139852
- C:\Windows\system32\win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19145
90433 - MS16-039: Security Update for Microsoft Graphics Component (3148522)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to a failure to properly handle objects in memory. An attacker can exploit these vulnerabilities to execute arbitrary code in kernel mode. (CVE-2016-0143, CVE-2016-0165, CVE-2016-0167)

- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded fonts. An attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing specially crafted embedded fonts, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0145)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013, Live Meeting 2007 Console, .NET framework 3.0 SP2, .NET framework 3.5, and .NET framework 3.5.1.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.7481
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 85896
BID 85899
BID 85900
BID 85903
CVE CVE-2016-0143
CVE CVE-2016-0145
CVE CVE-2016-0165
CVE CVE-2016-0167
MSKB 3145739
MSKB 3147461
MSKB 3147458
MSKB 3114542
MSKB 3114566
MSKB 3114985
MSKB 3142041
MSKB 3142042
MSKB 3142045
MSKB 3142043
MSKB 3114960
MSKB 3114944
MSKB 3144427
MSKB 3144428
MSKB 3144429
MSKB 3144432
MSKB 4038788
XREF MSFT:MS16-039
XREF IAVA:2016-A-0091
XREF CISA-KNOWN-EXPLOITED:2022/05/03
XREF CISA-KNOWN-EXPLOITED:2023/07/13
Exploitable With
Core Impact (true)
Plugin Information
Published: 2016/04/12, Modified: 2023/06/22
Plugin Output

tcp/445/cifs



KB : 3145739
- C:\Windows\system32\win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23407
90434 - MS16-040: Security Update for Microsoft XML Core Services (3148541)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability in the Microsoft XML Core Services (MSXML) parser due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to visit a specially-crafted website that is designed to invoke MSXML through Internet Explorer, to execute arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.2642
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 85909
CVE CVE-2016-0147
MSKB 3146963
MSKB 3147458
MSKB 3147461
XREF MSFT:MS16-040
XREF IAVA:2016-A-0092
Plugin Information
Published: 2016/04/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3146963
- C:\Windows\system32\Msxml3.dll has not been patched.
Remote version : 8.110.7601.17514
Should be : 8.110.7601.23373
90437 - MS16-044: Security Update for Windows OLE (3146706)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in Windows OLE due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.3365
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 85912
CVE CVE-2016-0153
MSKB 3146706
XREF MSFT:MS16-044
XREF IAVB:2016-B-0068
Plugin Information
Published: 2016/04/12, Modified: 2019/11/20
Plugin Output

tcp/445/cifs



KB : 3146706
- C:\Windows\system32\ole32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23392
91005 - MS16-055: Security Update for Microsoft Graphics Component (3156754)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple information disclosure vulnerabilities exist in the Windows Graphics component. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the disclosure of memory contents. (CVE-2016-0168, CVE-2016-0169)

- A remote code execution vulnerability exists in the Windows Graphics component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0170)

- A remote code execution vulnerability exists in the Direct3D component due to a use-after-free error. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0184)

- A remote code execution vulnerability exists in the Windows Imaging component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0195)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.799
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 89862
BID 89863
BID 89864
BID 89892
BID 89901
CVE CVE-2016-0168
CVE CVE-2016-0169
CVE CVE-2016-0170
CVE CVE-2016-0184
CVE CVE-2016-0195
MSKB 3156013
MSKB 3156016
MSKB 3156019
MSKB 3156387
MSKB 3156421
XREF MSFT:MS16-055
Plugin Information
Published: 2016/05/10, Modified: 2019/11/19
Plugin Output

tcp/445/cifs



KB : 3156019
- C:\Windows\system32\Windowscodecs.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23418
91010 - MS16-060: Security Update for Windows Kernel (3154846)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a privilege escalation vulnerability due to improper parsing of certain symbolic links. A local attacker can exploit this vulnerability, via a specially crafted application, to access privileged registry keys, resulting in an elevation of privileges.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.015
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 90028
CVE CVE-2016-0180
MSKB 3153171
MSKB 3156387
MSKB 3156421
XREF MSFT:MS16-060
XREF IAVA:2016-A-0126
Plugin Information
Published: 2016/05/10, Modified: 2019/11/20
Plugin Output

tcp/445/cifs



KB : 3153171
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23418
91011 - MS16-061: Security Update for Microsoft RPC (3155520)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability in the Microsoft RPC Network Data Representation (NDR) Engine due to improper handling of memory. An authenticated, remote attacker can exploit this vulnerability, via malformed RPC requests, to execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.244
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 90032
CVE CVE-2016-0178
MSKB 3153171
MSKB 3153704
MSKB 3156387
MSKB 3156421
XREF MSFT:MS16-061
XREF IAVA:2016-A-0130
Plugin Information
Published: 2016/05/10, Modified: 2019/11/20
Plugin Output

tcp/445/cifs



KB : 3153171
- C:\Windows\system32\Rpcrt4.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23418
91012 - MS16-062: Security Update for Windows Kernel-Mode Drivers (3158222)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple privilege escalation vulnerabilities exist in the Windows kernel-mode driver due to a failure to properly handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to execute arbitrary code. (CVE-2016-0171, CVE-2016-0173, CVE-2016-0174, CVE-2016-0196)

- A security feature bypass vulnerability exists in the Windows kernel. An authenticated, remote attacker can exploit this, via a crafted application, to bypass the Kernel Address Space Layout Randomization (KASLR) feature and retrieve the memory address of a kernel object. (CVE-2016-0175)

- A privilege escalation vulnerability exists in the DirectX Graphics kernel subsystem due to a failure to properly handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to execute arbitrary code. (CVE-2016-0176)

- A privilege escalation vulnerability exists in the DirectX Graphics kernel subsystem due to a failure to correctly map kernel memory and to handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to execute arbitrary code. (CVE-2016-0197)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.0407
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 89860
BID 90027
BID 90052
BID 90064
BID 90065
BID 90101
BID 90102
CVE CVE-2016-0171
CVE CVE-2016-0173
CVE CVE-2016-0174
CVE CVE-2016-0175
CVE CVE-2016-0176
CVE CVE-2016-0196
CVE CVE-2016-0197
MSKB 3153199
MSKB 3156017
MSKB 3156387
MSKB 3156421
MSKB 3158222
XREF MSFT:MS16-062
Plugin Information
Published: 2016/05/10, Modified: 2019/11/20
Plugin Output

tcp/445/cifs



KB : 3153199
- C:\Windows\system32\win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23418
91596 - MS16-063: Cumulative Security Update for Internet Explorer (3163649)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3163649. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.

Note that the security update in MS16-077 must also be installed in order to fully resolve CVE-2016-3213.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.7831
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 91101
BID 91102
BID 91103
BID 91108
BID 91109
BID 91110
BID 91111
BID 91112
CVE CVE-2016-0199
CVE CVE-2016-0200
CVE CVE-2016-3202
CVE CVE-2016-3205
CVE CVE-2016-3206
CVE CVE-2016-3207
CVE CVE-2016-3210
CVE CVE-2016-3211
CVE CVE-2016-3212
CVE CVE-2016-3213
MSKB 3160005
MSKB 3163017
MSKB 3163018
XREF MSFT:MS16-063
Exploitable With
Core Impact (true)
Plugin Information
Published: 2016/06/14, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



The remote host is missing MS16-077.
91601 - MS16-073: Security Update for Windows Kernel-Mode Drivers (3164028)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple elevation of privilege vulnerabilities exist in the kernel-mode driver due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2016-3218, CVE-2016-3221)

- An information disclosure vulnerability exists in the Windows Virtual PCI (VPCI) virtual service provider (VSP) due to improper handling of uninitialized memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose sensitive memory contents. (CVE-2016-3232)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.1088
CVSS v2.0 Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.1 (CVSS2#E:U/RL:OF/RC:C)
References
BID 91121
BID 91122
BID 91123
CVE CVE-2016-3218
CVE CVE-2016-3221
CVE CVE-2016-3232
MSKB 3161664
MSKB 3164294
MSKB 3163017
MSKB 3163018
XREF MSFT:MS16-073
Plugin Information
Published: 2016/06/14, Modified: 2019/11/19
Plugin Output

tcp/445/cifs



KB : 3161664
- C:\Windows\system32\win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23452
91602 - MS16-074: Security Update for Microsoft Graphics Component (3164036)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the Windows Graphics Component due to a failure to properly handle objects in memory. A local attacker can exploit this to disclose memory contents. (CVE-2016-3216)

- An elevation of privilege vulnerability exists due to a failure to properly handle objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to run processes in an elevated context. (CVE-2016-3219)

- An elevation of privilege vulnerability exists in the Adobe Type Manager Font Driver due to improper handling of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2016-3220)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.3755
CVSS v2.0 Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.4 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID 91083
CVE CVE-2016-3216
CVE CVE-2016-3219
CVE CVE-2016-3220
MSKB 3164033
MSKB 3164035
MSKB 3163017
MSKB 3163018
XREF MSFT:MS16-074
XREF IAVA:2016-A-0149
Plugin Information
Published: 2016/06/14, Modified: 2019/11/19
Plugin Output

tcp/445/cifs



KB : 3164033
- C:\Windows\system32\atmfd.dll has not been patched.
Remote version : 5.1.2.230
Should be : 5.1.2.248
91603 - MS16-075: Security Update for Windows SMB Server (3164038)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability in the Microsoft Server Message Block (SMB) server when handling forwarded credential requests that are intended for another service running on the same host. An authenticated attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.2681
CVSS v2.0 Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.7 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
BID 91080
CVE CVE-2016-3225
MSKB 3161561
MSKB 3163017
MSKB 3163018
XREF MSFT:MS16-075
XREF IAVA:2016-A-0150
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2016/06/14, Modified: 2019/11/19
Plugin Output

tcp/445/cifs



KB : 3161561
- C:\Windows\system32\drivers\srvnet.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23452
91604 - MS16-076: Security Update for Netlogon (3167691)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability due to improper handling of objects in memory. A domain-authenticated attacker can exploit this, via a specially crafted Netlogon request to a domain controller, to execute arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows 2008, 2008 R2, 2012, and 2012 R2.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.3382
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 91120
CVE CVE-2016-3228
MSKB 3161561
MSKB 3162343
XREF MSFT:MS16-076
XREF IAVA:2016-A-0152
Plugin Information
Published: 2016/06/14, Modified: 2019/11/19
Plugin Output

tcp/445/cifs



KB : 3161561
- C:\Windows\system32\wdigest.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.23452
92021 - MS16-090: Security Update for Windows Kernel-Mode Drivers (3171481)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple elevation of privilege vulnerabilities exist in the kernel-mode driver due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2016-3249, CVE-2016-3250, CVE-2016-3252, CVE-2016-3254, CVE-2016-3286)

- An information disclosure vulnerability exists in the Windows GDI component due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose kernel memory addresses. (CVE-2016-3251)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.1054
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID 91597
BID 91600
BID 91613
BID 91614
BID 91615
BID 91616
CVE CVE-2016-3249
CVE CVE-2016-3250
CVE CVE-2016-3251
CVE CVE-2016-3252
CVE CVE-2016-3254
CVE CVE-2016-3286
MSKB 3163912
MSKB 3168965
MSKB 3172985
XREF MSFT:MS16-090
Plugin Information
Published: 2016/07/12, Modified: 2019/11/19
Plugin Output

tcp/445/cifs



KB : 3168965
- C:\Windows\system32\win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23471
92843 - MS16-097: Security Update for Microsoft Graphics Component (3177393)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the Graphics component due to improper handling of embedded fonts by the Windows font library. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a malicious website or open a specially crafted document file, to execute arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.5361
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 92288
BID 92301
BID 92302
CVE CVE-2016-3301
CVE CVE-2016-3303
CVE CVE-2016-3304
MSKB 3174301
MSKB 3178034
MSKB 3176492
MSKB 3176493
MSKB 3176495
MSKB 3115109
MSKB 3115131
MSKB 3115481
MSKB 3115408
MSKB 3115431
MSKB 3174302
MSKB 3174304
MSKB 3174305
XREF MSFT:MS16-097
XREF IAVA:2016-A-0205
Plugin Information
Published: 2016/08/10, Modified: 2020/09/04
Plugin Output

tcp/445/cifs



KB : 3178034
None of the versions of 'GdiPlus.dll' under C:\Windows\WinSxS
have been patched.
Fixed version : 6.1.7601.23508
92821 - MS16-098: Security Update for Windows Kernel-Mode Drivers (3178466)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the Windows kernel-mode driver due to a failure to properly handle objects in memory. An authenticated, remote attacker can exploit these issues, via a crafted application, to execute arbitrary code in kernel mode.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.4464
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 92295
BID 92297
BID 92298
BID 92299
CVE CVE-2016-3308
CVE CVE-2016-3309
CVE CVE-2016-3310
CVE CVE-2016-3311
MSKB 3177725
MSKB 3176492
MSKB 3176493
MSKB 3176495
XREF MSFT:MS16-098
XREF IAVA:2016-A-0204
XREF CISA-KNOWN-EXPLOITED:2022/04/05
Exploitable With
Core Impact (true)
Plugin Information
Published: 2016/08/09, Modified: 2022/03/28
Plugin Output

tcp/445/cifs



KB : 3177725
- C:\Windows\system32\win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23497
92823 - MS16-101: Security Update for Windows Authentication Methods (3178465)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- A security downgrade vulnerability exists in Kerberos due to improper handling of password change requests. A man-in-the-middle attacker can exploit this to cause the authentication protocol to fall back to the NT LAN Manager (NTLM) authentication protocol, resulting in a bypass of Kerberos authentication. (CVE-2016-3237)

- An elevation of privilege vulnerability exists in Windows Netlogon due to a failure to properly establish secure communications to a domain controller. A local attacker who has access to a domain-joined machine that points to a domain controller running either Windows Server 2012 or 2012 R2 can exploit this vulnerability to gain elevated privileges via a specially crafted application. (CVE-2016-3300)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2493
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID 92290
BID 92296
CVE CVE-2016-3237
CVE CVE-2016-3300
MSKB 3167679
MSKB 3177108
MSKB 3192391
MSKB 3185330
MSKB 3192392
MSKB 3185331
MSKB 3192393
MSKB 3185332
XREF MSFT:MS16-101
XREF IAVA:2016-A-0207
XREF EDB-ID:40409
Plugin Information
Published: 2016/08/09, Modified: 2026/01/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3192391
- 3185330

- C:\Windows\System32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23564
93466 - MS16-106: Security Update for Microsoft Graphics Component (3185848)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple elevation of privilege vulnerabilities exist in Windows kernel-mode drivers due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2016-3348, CVE-2016-3349)

- An information disclosure vulnerability exists in the Graphics Device Interface (GDI) due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to circumvent the Address Space Layout Randomization (ASLR) feature and disclose sensitive memory information. (CVE-2016-3354)

- An elevation of privilege vulnerability exists in the Graphics Device Interface (GDI) due to improper handling of objects in memory. An authenticated, remote attacker can exploit this to run arbitrary code in kernel mode. (CVE-2016-3355)

- An unspecified flaw exists in the Graphics Device Interface (GDI) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a malicious document, to execute arbitrary code in the context of the current user. (CVE-2016-3356)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.2051
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 92782
BID 92783
BID 92784
BID 92787
BID 92792
CVE CVE-2016-3348
CVE CVE-2016-3349
CVE CVE-2016-3354
CVE CVE-2016-3355
CVE CVE-2016-3356
MSKB 3185911
MSKB 3185611
MSKB 3185614
MSKB 3189866
XREF MSFT:MS16-106
XREF IAVA:2016-A-0240
Plugin Information
Published: 2016/09/13, Modified: 2019/11/14
Plugin Output

tcp/445/cifs



KB : 3185911
- C:\Windows\system32\win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23528
93470 - MS16-111: Security Update for Windows Kernel (3186973)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple elevation of privilege vulnerabilities exist due to improper handling of session objects. A local attacker can exploit these, via a specially crafted application, to hijack the session of another user. (CVE-2016-3305, CVE-2016-3306)

- A flaw exists in the Windows Kernel API due to improper enforcement of permissions. A local attacker can exploit this, via a specially crafted application, to elevate privileges and thereby disclose potentially sensitive information. (CVE-2016-3371)

- An elevation of privilege vulnerability exists in the Windows Kernel API due to improper enforcement of permissions. A local attacker can exploit this, via a specially crafted application, to impersonate processes, interject cross-process communication, or interrupt system functionality. (CVE-2016-3372)

- A flaw exists in the Windows Kernel API due to improperly allowing access to sensitive registry information. A local attacker can exploit this, via a specially crafted application, to elevate privileges and thereby gain access to user account information. (CVE-2016-3373)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.3526
CVSS v2.0 Base Score
4.6 (CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
4.0 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 92812
BID 92813
BID 92814
BID 92815
BID 92845
CVE CVE-2016-3305
CVE CVE-2016-3306
CVE CVE-2016-3371
CVE CVE-2016-3372
CVE CVE-2016-3373
MSKB 3175024
MSKB 3185611
MSKB 3185614
MSKB 3189866
MSKB 4025342
XREF MSFT:MS16-111
XREF IAVA:2016-A-0242
Exploitable With
CANVAS (true)
Plugin Information
Published: 2016/09/13, Modified: 2019/11/14
Plugin Output

tcp/445/cifs



KB : 3175024
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23539
93473 - MS16-114: Security Update for Windows SMBv1 Server (3185879)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the Microsoft Server Message Block 1.0 (SMBv1) Server due to improper handling of certain requests. An authenticated, remote attacker can exploit this, via specially crafted packets, to cause a denial of service condition or the execution of arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.2685
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 92859
CVE CVE-2016-3345
MSKB 3177186
MSKB 3185611
MSKB 3185614
MSKB 3189866
XREF MSFT:MS16-114
XREF IAVA:2016-A-0248
Plugin Information
Published: 2016/09/13, Modified: 2026/01/26
Plugin Output

tcp/445/cifs



KB : 3177186
- C:\Windows\system32\drivers\srv.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23517
93651 - MS16-116: Security Update in OLE Automation for VBScript Scripting Engine (3188724)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the Microsoft OLE Automation mechanism and the VBScript Scripting Engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user.

Note that MS16-104 must also be installed in order to fully resolve the vulnerability.
See Also
Solution
Microsoft has released a set of patches for Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.2262
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 92835
CVE CVE-2016-3375
MSKB 3184122
MSKB 3185611
MSKB 3185614
MSKB 3189866
XREF MSFT:MS16-116
XREF IAVA:2016-A-0245
Plugin Information
Published: 2016/09/22, Modified: 2026/01/23
Plugin Output

tcp/445/cifs



KB : 3184122
- C:\Windows\system32\Oleaut32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23512
94011 - MS16-118: Cumulative Security Update for Internet Explorer (3192887)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3192887. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.

Note that security update 3193515 in MS16-126 must also be installed in order to fully resolve CVE-2016-3298 on Windows Vista and Windows Server 2008.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.4722
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 93376
BID 93379
BID 93381
BID 93382
BID 93383
BID 93386
BID 93387
BID 93392
BID 93393
BID 93396
BID 93397
CVE CVE-2016-3267
CVE CVE-2016-3298
CVE CVE-2016-3331
CVE CVE-2016-3382
CVE CVE-2016-3383
CVE CVE-2016-3384
CVE CVE-2016-3385
CVE CVE-2016-3387
CVE CVE-2016-3388
CVE CVE-2016-3390
CVE CVE-2016-3391
MSKB 3185330
MSKB 3185331
MSKB 3185332
MSKB 3191492
MSKB 3192391
MSKB 3192392
MSKB 3192393
MSKB 3192440
MSKB 3192441
MSKB 3194798
XREF MSFT:MS16-118
XREF IAVB:2016-B-0150
XREF CISA-KNOWN-EXPLOITED:2022/06/14
Plugin Information
Published: 2016/10/12, Modified: 2026/01/22
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3192391
- 3185330

- C:\Windows\System32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23564
94012 - MS16-123: Security Update for Windows Kernel-Mode Drivers (3192892)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2016-3266, CVE-2016-3376, CVE-2016-7185, CVE-2016-7191)

- An elevation of privilege vulnerability exists in Windows Transaction Manager due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute processes in an elevated context. (CVE-2016-3341)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Critical
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.209
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 93384
BID 93388
BID 93389
BID 93391
BID 93556
CVE CVE-2016-3266
CVE CVE-2016-3341
CVE CVE-2016-3376
CVE CVE-2016-7185
CVE CVE-2016-7211
MSKB 3191203
MSKB 3183431
MSKB 3192391
MSKB 3185330
MSKB 3192392
MSKB 3185331
MSKB 3192393
MSKB 3185332
MSKB 3192440
MSKB 3192441
MSKB 3194798
MSKB 4038788
XREF MSFT:MS16-123
XREF IAVA:2016-A-0279
Plugin Information
Published: 2016/10/12, Modified: 2026/01/22
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3185330
- 3192391

- C:\Windows\System32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23564
94631 - MS16-130: Security Update for Microsoft Windows (3199172)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update or security rollup. It is, therefore, affected by the following vulnerabilities :

- A remote code execution vulnerability exists in the Windows image file handling functionality due to improper handling of image files. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a specially crafted image file from a web page or email message, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7212)

- An elevation of privilege vulnerability exists in Windows Input Method Editor (IME) due to improper loading of DLL files. A local attacker can exploit this, via a specially crafted application, to elevate privileges. (CVE-2016-7221)

- An elevation of privilege vulnerability exists in Windows Task Scheduler due to improper handling of UNC paths. An authenticated, remote attacker can exploit this vulnerability by scheduling a new task with a specially crafted UNC path, resulting in the execution of arbitrary code with elevated system privileges. (CVE-2016-7222)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.4071
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 94021
BID 94023
BID 94027
CVE CVE-2016-7212
CVE CVE-2016-7221
CVE CVE-2016-7222
MSKB 3193418
MSKB 3196718
MSKB 3197867
MSKB 3197868
MSKB 3197873
MSKB 3197874
MSKB 3197876
MSKB 3197877
MSKB 3198585
MSKB 3198586
MSKB 3200970
XREF MSFT:MS16-130
XREF IAVA:2016-A-0321
Plugin Information
Published: 2016/11/08, Modified: 2026/01/19
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3197867
- 3197868

- C:\Windows\System32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23569
94633 - MS16-132: Security Update for Microsoft Graphics Component (3199120)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the Windows Animation Manager due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7205)

- An information disclosure vulnerability exists in the ATMFD component due to improper handling of Open Type fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the disclosure of sensitive information. (CVE-2016-7210)

- A remote code execution vulnerability exists in the Windows Media Foundation due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7217)

- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded Open Type fonts. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7256)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.651
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 94030
BID 94033
BID 94066
BID 94156
CVE CVE-2016-7205
CVE CVE-2016-7210
CVE CVE-2016-7217
CVE CVE-2016-7256
MSKB 3203859
MSKB 3197867
MSKB 3197868
MSKB 3197873
MSKB 3197874
MSKB 3197876
MSKB 3197877
MSKB 3198585
MSKB 3198586
MSKB 3200970
XREF MSFT:MS16-132
XREF IAVA:2016-A-0318
XREF CISA-KNOWN-EXPLOITED:2022/06/15
Plugin Information
Published: 2016/11/08, Modified: 2022/05/25
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3197867
- 3197868

- C:\Windows\System32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23569
94635 - MS16-134: Security Update for Common Log File System Driver (3193706)
Synopsis
The remote host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities in the Windows Common Log File System (CLFS) driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0718
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 93998
BID 94007
BID 94008
BID 94009
BID 94010
BID 94011
BID 94012
BID 94013
BID 94014
BID 94015
CVE CVE-2016-0026
CVE CVE-2016-3332
CVE CVE-2016-3333
CVE CVE-2016-3334
CVE CVE-2016-3335
CVE CVE-2016-3338
CVE CVE-2016-3340
CVE CVE-2016-3342
CVE CVE-2016-3343
CVE CVE-2016-7184
MSKB 3181707
MSKB 3197873
MSKB 3197874
MSKB 3197876
MSKB 3197877
MSKB 3197867
MSKB 3197868
MSKB 3198585
MSKB 3200970
MSKB 3198586
XREF MSFT:MS16-134
Plugin Information
Published: 2016/11/08, Modified: 2019/11/14
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3197867
- 3197868

- C:\Windows\System32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23569
94636 - MS16-135: Security Update for Windows Kernel-Mode Drivers (3199135)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the Windows kernel that allows a local attacker, via a specially crafted application, to bypass the Address Space Layout Randomization (ASLR) feature and retrieve the memory address of a kernel object. (CVE-2016-7214)

- Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2016-7215, CVE-2016-7246, CVE-2016-7255)

- An information disclosure vulnerability exists in the bowser.sys kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2016-7218)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.8936
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 93991
BID 94000
BID 94004
BID 94063
BID 94064
CVE CVE-2016-7214
CVE CVE-2016-7215
CVE CVE-2016-7218
CVE CVE-2016-7246
CVE CVE-2016-7255
MSKB 3198234
MSKB 3194371
MSKB 3197867
MSKB 3197868
MSKB 3197873
MSKB 3197874
MSKB 3197876
MSKB 3197877
MSKB 3198585
MSKB 3198586
MSKB 3200970
XREF MSFT:MS16-135
XREF IAVA:2016-A-0322
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Exploitable With
CANVAS (true) Core Impact (true)
Plugin Information
Published: 2016/11/08, Modified: 2026/01/19
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3197867
- 3197868

- C:\Windows\System32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23569
94638 - MS16-137: Security Update for Windows Authentication Methods (3199173)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in Windows Virtual Secure Mode due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2016-7220)

- A denial of service vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when handling specially crafted requests. An authenticated, remote attacker can exploit this to cause the host to become non-responsive. (CVE-2016-7237)

- An elevation of privilege vulnerability exists due to improper handling of NTLM password change requests. An authenticated, remote attacker can exploit this, via a specially crafted application, to gain administrative privileges. (CVE-2016-7238)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.4644
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
References
BID 94036
BID 94040
BID 94045
CVE CVE-2016-7220
CVE CVE-2016-7237
CVE CVE-2016-7238
MSKB 3197867
MSKB 3197868
MSKB 3197873
MSKB 3197874
MSKB 3197876
MSKB 3197877
MSKB 3198510
MSKB 3198585
MSKB 3198586
MSKB 3200970
XREF MSFT:MS16-137
Exploitable With
Core Impact (true)
Plugin Information
Published: 2016/11/08, Modified: 2019/11/14
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3197867
- 3197868

- C:\Windows\System32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23569
94643 - MS16-142: Cumulative Security Update for Internet Explorer (3198467)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3198467. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.7906
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 94051
BID 94052
BID 94053
BID 94055
BID 94057
BID 94059
BID 94065
CVE CVE-2016-7195
CVE CVE-2016-7196
CVE CVE-2016-7198
CVE CVE-2016-7199
CVE CVE-2016-7227
CVE CVE-2016-7239
CVE CVE-2016-7241
MSKB 3197655
MSKB 3197867
MSKB 3197868
MSKB 3197873
MSKB 3197874
MSKB 3197876
MSKB 3197877
MSKB 3198585
MSKB 3198586
MSKB 3200970
XREF MSFT:MS16-142
Plugin Information
Published: 2016/11/08, Modified: 2026/01/19
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3197867
- 3197868

- C:\Windows\System32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23569
95764 - MS16-144: Cumulative Security Update for Internet Explorer (3204059)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3204059. It is, therefore, affected by multiple vulnerabilities, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Internet Explorer 9, 10, and 11.

Note that security update 3208481 in MS16-144 must also be installed in order to fully resolve CVE-2016-7278 on Windows Vista and Windows Server 2008.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.8146
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 94042
BID 94716
BID 94719
BID 94722
BID 94723
BID 94724
BID 94725
BID 94726
CVE CVE-2016-7202
CVE CVE-2016-7278
CVE CVE-2016-7279
CVE CVE-2016-7281
CVE CVE-2016-7282
CVE CVE-2016-7283
CVE CVE-2016-7284
CVE CVE-2016-7287
MSKB 3203621
MSKB 3208481
MSKB 3205408
MSKB 3205409
MSKB 3205394
MSKB 3207752
MSKB 3205400
MSKB 3205401
MSKB 3205383
MSKB 3205386
MSKB 3206632
XREF MSFT:MS16-144
XREF EDB-ID:40793
Plugin Information
Published: 2016/12/13, Modified: 2026/01/14
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3205394
- 3207752

- C:\Windows\System32\bcrypt.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.23601
95765 - MS16-146: Security Update for Microsoft Graphics Component (3204066)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the Windows GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted document file, to disclose the contents of memory. (CVE-2016-7257)

- Multiple remote code execution vulnerabilities exist in the Windows Graphics Component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted document file, to execute arbitrary code in the context of the current user. (CVE-2016-7272, CVE-2016-7273)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.4634
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 94739
BID 94752
BID 94755
CVE CVE-2016-7257
CVE CVE-2016-7272
CVE CVE-2016-7273
MSKB 3204724
MSKB 3205638
MSKB 3205394
MSKB 3207752
MSKB 3205400
MSKB 3205401
MSKB 3205408
MSKB 3205409
MSKB 3205383
MSKB 3205386
MSKB 3206632
XREF MSFT:MS16-146
XREF IAVA:2016-A-0346
Plugin Information
Published: 2016/12/13, Modified: 2026/01/14
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3205394
- 3207752

- C:\Windows\System32\bcrypt.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.23601
95766 - MS16-147: Security Update for Microsoft Uniscribe (3204063)
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in Windows Uniscribe due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a specially crafted document, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.384
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID 94758
CVE CVE-2016-7274
MSKB 3196348
MSKB 3205394
MSKB 3207752
MSKB 3205400
MSKB 3205401
MSKB 3205408
MSKB 3205409
MSKB 3205383
MSKB 3205386
MSKB 3206632
XREF MSFT:MS16-147
XREF IAVA:2016-A-0352
Plugin Information
Published: 2016/12/13, Modified: 2026/01/14
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3205394
- 3207752

- C:\Windows\System32\bcrypt.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.23601
95813 - MS16-149: Security Update for Microsoft Windows (3205655)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in a Windows Crypto driver running in kernel mode due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2016-7219)

- An elevation of privilege vulnerability exists in the Windows installer due to improper sanitization of input, leading to insecure library loading behavior. A local attacker can exploit this to run arbitrary code with elevated system privileges. (CVE-2016-7292)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0147
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 94764
BID 94768
CVE CVE-2016-7219
CVE CVE-2016-7292
MSKB 3204808
MSKB 3196726
MSKB 3205394
MSKB 3207752
MSKB 3205408
MSKB 3205409
MSKB 3205400
MSKB 3205401
MSKB 3205383
MSKB 3205386
MSKB 3206632
XREF MSFT:MS16-149
XREF IAVA:2016-A-0350
Plugin Information
Published: 2016/12/14, Modified: 2026/01/14
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3205394
- 3207752

- C:\Windows\System32\bcrypt.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.23601
95768 - MS16-151: Security Update for Windows Kernel-Mode Drivers (3205651)
Synopsis
The remote host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities :

- An elevation of privilege vulnerability exists in the Windows Graphics Component due to improper handling of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2016-7259)

- An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2016-7260)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.0075
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
BID 94771
BID 94785
CVE CVE-2016-7259
CVE CVE-2016-7260
MSKB 3204723
MSKB 3205394
MSKB 3207752
MSKB 3205400
MSKB 3205401
MSKB 3205408
MSKB 3205409
MSKB 3205383
MSKB 3205386
MSKB 3206632
XREF MSFT:MS16-151
XREF IAVA:2016-A-0347
Exploitable With
Core Impact (true)
Plugin Information
Published: 2016/12/13, Modified: 2026/01/14
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3205394
- 3207752

- C:\Windows\System32\bcrypt.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.23601
96393 - MS17-004: Security Update for Local Security Authority Subsystem Service (3216771)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a denial of service vulnerability in the Local Security Authority Subsystem Service (LSASS) component due to improper handling of authentication requests. An unauthenticated, remote attacker can exploit this to trigger a reboot of the system.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, and 2008 R2.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
5.1
EPSS Score
0.5347
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
6.4 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
BID 95318
CVE CVE-2017-0004
MSKB 3216775
MSKB 3212642
MSKB 3212646
XREF MSFT:MS17-004
XREF IAVB:2017-B-0005
Exploitable With
Core Impact (true)
Plugin Information
Published: 2017/01/10, Modified: 2026/01/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3212642
- 3212646

- C:\Windows\System32\bcrypt.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.23642
97737 - MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by the following vulnerabilities :

- Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted packet, to execute arbitrary code. (CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148)

- An information disclosure vulnerability exists in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information. (CVE-2017-0147)

ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY are four of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers. WannaCry / WannaCrypt is a ransomware program utilizing the ETERNALBLUE exploit, and EternalRocks is a worm that utilizes seven Equation Group vulnerabilities. Petya is a ransomware program that first utilizes CVE-2017-0199, a vulnerability in Microsoft Office, and then spreads via ETERNALBLUE.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016. Microsoft has also released emergency patches for Windows operating systems that are no longer supported, including Windows XP, 2003, and 8.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.9432
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 96703
BID 96704
BID 96705
BID 96706
BID 96707
BID 96709
CVE CVE-2017-0143
CVE CVE-2017-0144
CVE CVE-2017-0145
CVE CVE-2017-0146
CVE CVE-2017-0147
CVE CVE-2017-0148
MSKB 4012212
MSKB 4012213
MSKB 4012214
MSKB 4012215
MSKB 4012216
MSKB 4012217
MSKB 4012606
MSKB 4013198
MSKB 4013429
MSKB 4012598
XREF MSFT:MS17-010
XREF IAVA:2017-A-0065
XREF EDB-ID:41891
XREF EDB-ID:41987
XREF CISA-KNOWN-EXPLOITED:2022/05/03
XREF CISA-KNOWN-EXPLOITED:2022/08/10
XREF CISA-KNOWN-EXPLOITED:2022/04/15
XREF CISA-KNOWN-EXPLOITED:2022/04/27
XREF CISA-KNOWN-EXPLOITED:2022/06/14
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2017/03/15, Modified: 2025/12/30
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4012212
- 4012215

- C:\Windows\System32\drivers\srv.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23689
97833 - MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by the following vulnerabilities :

- Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted packet, to execute arbitrary code. (CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148)

- An information disclosure vulnerability exists in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information. (CVE-2017-0147)

ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY are four of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers. WannaCry / WannaCrypt is a ransomware program utilizing the ETERNALBLUE exploit, and EternalRocks is a worm that utilizes seven Equation Group vulnerabilities. Petya is a ransomware program that first utilizes CVE-2017-0199, a vulnerability in Microsoft Office, and then spreads via ETERNALBLUE.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016. Microsoft has also released emergency patches for Windows operating systems that are no longer supported, including Windows XP, 2003, and 8.

For unsupported Windows operating systems, e.g. Windows XP, Microsoft recommends that users discontinue the use of SMBv1. SMBv1 lacks security features that were included in later SMB versions. SMBv1 can be disabled by following the vendor instructions provided in Microsoft KB2696547. Additionally, US-CERT recommends that users block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.9432
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 96703
BID 96704
BID 96705
BID 96706
BID 96707
BID 96709
CVE CVE-2017-0143
CVE CVE-2017-0144
CVE CVE-2017-0145
CVE CVE-2017-0146
CVE CVE-2017-0147
CVE CVE-2017-0148
MSKB 4012212
MSKB 4012213
MSKB 4012214
MSKB 4012215
MSKB 4012216
MSKB 4012217
MSKB 4012606
MSKB 4013198
MSKB 4013429
MSKB 4012598
XREF EDB-ID:41891
XREF EDB-ID:41987
XREF MSFT:MS17-010
XREF IAVA:2017-A-0065
XREF CISA-KNOWN-EXPLOITED:2022/05/03
XREF CISA-KNOWN-EXPLOITED:2022/08/10
XREF CISA-KNOWN-EXPLOITED:2022/04/15
XREF CISA-KNOWN-EXPLOITED:2022/04/27
XREF CISA-KNOWN-EXPLOITED:2022/06/14
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2017/03/20, Modified: 2025/12/29
Plugin Output

tcp/445/cifs

Sent:
00000054ff534d4225000000001803c8000000000000000000000000000875090008000110000000
00ffffffff0000000000000000000000005400000054000200230000001100005c00500049005000
45005c0000000000

Received:
ff534d4225050200c09803c80000000000000000000000000008750900080001000000
97732 - MS17-011: Security Update for Microsoft Uniscribe (4013076)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist in Windows Uniscribe due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these to execute arbitrary code by convincing a user to view a specially crafted website or open a specially crafted document file. (CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, CVE-2017-0090)

- Multiple information disclosure vulnerabilities exist in Windows Uniscribe that allow an unauthenticated, remote attacker to gain access to sensitive information by convincing a user to view a specially crafted website or open a specially crafted document file. (CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.7313
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 96599
BID 96603
BID 96604
BID 96605
BID 96606
BID 96607
BID 96608
BID 96610
BID 96652
BID 96657
BID 96658
BID 96659
BID 96660
BID 96661
BID 96663
BID 96665
BID 96666
BID 96667
BID 96668
BID 96669
BID 96670
BID 96672
BID 96673
BID 96674
BID 96675
BID 96676
BID 96678
BID 96679
BID 96680
CVE CVE-2017-0072
CVE CVE-2017-0083
CVE CVE-2017-0084
CVE CVE-2017-0085
CVE CVE-2017-0086
CVE CVE-2017-0087
CVE CVE-2017-0088
CVE CVE-2017-0089
CVE CVE-2017-0090
CVE CVE-2017-0091
CVE CVE-2017-0092
CVE CVE-2017-0111
CVE CVE-2017-0112
CVE CVE-2017-0113
CVE CVE-2017-0114
CVE CVE-2017-0115
CVE CVE-2017-0116
CVE CVE-2017-0117
CVE CVE-2017-0118
CVE CVE-2017-0119
CVE CVE-2017-0120
CVE CVE-2017-0121
CVE CVE-2017-0122
CVE CVE-2017-0123
CVE CVE-2017-0124
CVE CVE-2017-0125
CVE CVE-2017-0126
CVE CVE-2017-0127
CVE CVE-2017-0128
MSKB 4012212
MSKB 4012213
MSKB 4012214
MSKB 4012215
MSKB 4012216
MSKB 4012217
MSKB 4012583
MSKB 4012606
MSKB 4013198
MSKB 4013429
XREF MSFT:MS17-011
XREF IAVA:2017-A-0066
Plugin Information
Published: 2017/03/14, Modified: 2025/12/30
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4012212
- 4012215

- C:\Windows\System32\drivers\srv.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23689
97743 - MS17-012: Security Update for Microsoft Windows (4013078)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- A security feature bypass vulnerability exists in Device Guard due to improper validation of certain elements in a signed PowerShell script. An unauthenticated, remote attacker can exploit this vulnerability to modify the contents of a PowerShell script without invalidating the signature associated with the file, allowing the execution of a malicious script. (CVE-2017-0007)

- A denial of service vulnerability exists in the Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client implementations due to improper handling of certain requests sent to the client. An unauthenticated, remote attacker can exploit this issue, via a malicious SMB server, to cause the system to stop responding until it is manually restarted. (CVE-2017-0016)

- A remote code execution vulnerability exists due to using an insecure path to load certain dynamic link library (DLL) files. A local attacker can exploit this, via a specially crafted library placed in the path, to execute arbitrary code. (CVE-2017-0039)

- An information disclosure vulnerability exists in Windows dnsclient due to improper handling of certain requests. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to gain access to sensitive information on a targeted workstation. If the target is a server, the attacker can also exploit this issue by tricking the server into sending a DNS query to a malicious DNS server. (CVE-2017-0057)

- An elevation of privilege vulnerability exists in Helppane.exe due to a failure by an unspecified DCOM object, configured to run as the interactive user, to properly authenticate the client. An authenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code in another user's session. (CVE-2017-0100)

- An integer overflow condition exists in the iSNS Server service due to improper validation of input from the client. An unauthenticated, remote attacker can exploit this issue, via a specially crafted application that connects and issues requests to the iSNS server, to execute arbitrary code in the context of the SYSTEM account. (CVE-2017-0104)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.492
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 95969
BID 96018
BID 96024
BID 96695
BID 96697
BID 96700
CVE CVE-2017-0007
CVE CVE-2017-0016
CVE CVE-2017-0039
CVE CVE-2017-0057
CVE CVE-2017-0100
CVE CVE-2017-0104
MSKB 3217587
MSKB 4012021
MSKB 4012212
MSKB 4012215
MSKB 4012213
MSKB 4012216
MSKB 4012214
MSKB 4012217
MSKB 4012606
MSKB 4013198
XREF CERT:867968
XREF IAVA:2017-A-0070
XREF MSFT:MS17-012
Plugin Information
Published: 2017/03/15, Modified: 2025/12/30
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4012212
- 4012215

- C:\Windows\System32\drivers\srv.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23689
97794 - MS17-013: Security Update for Microsoft Graphics Component (4013075)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple elevation of privilege vulnerabilities exist in the Windows Graphics Device Interface (GDI) component due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary code in kernel mode. (CVE-2017-0001, CVE-2017-0005, CVE-2017-0025, CVE-2017-0047)

- Multiple remote code execution vulnerabilities exist in the Windows Graphics component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted web page or open a specially crafted document, to execute arbitrary code. (CVE-2017-0014, CVE-2017-0108)

- An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page or open a specially crafted document, to disclose the contents of memory. (CVE-2017-0038)

- Multiple information disclosure vulnerabilities exist in the Windows Graphics Device Interface (GDI) component due to improper handling of memory addresses. A local attacker can exploit these vulnerabilities, via a specially crafted application, to disclose sensitive information. (CVE-2017-0060, CVE-2017-0062, CVE-2017-0073)

- Multiple information disclosure vulnerabilities exist in the Color Management Module (ICM32.dll) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to disclose sensitive information and bypass usermode Address Space Layout Randomization (ASLR). (CVE-2017-0061, CVE-2017-0063)
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013, Live Meeting 2007 Console, and Silverlight 5.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.8046
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 96013
BID 96023
BID 96033
BID 96034
BID 96057
BID 96626
BID 96637
BID 96638
BID 96643
BID 96713
BID 96715
BID 96722
CVE CVE-2017-0001
CVE CVE-2017-0005
CVE CVE-2017-0014
CVE CVE-2017-0025
CVE CVE-2017-0038
CVE CVE-2017-0047
CVE CVE-2017-0060
CVE CVE-2017-0061
CVE CVE-2017-0062
CVE CVE-2017-0063
CVE CVE-2017-0073
CVE CVE-2017-0108
MSKB 3127945
MSKB 3127958
MSKB 3141535
MSKB 3172539
MSKB 3178653
MSKB 3178656
MSKB 3178688
MSKB 3178693
MSKB 4010096
MSKB 4010299
MSKB 4010300
MSKB 4010301
MSKB 4010303
MSKB 4010304
MSKB 4012212
MSKB 4012213
MSKB 4012214
MSKB 4012215
MSKB 4012216
MSKB 4012217
MSKB 4012497
MSKB 4012583
MSKB 4017018
MSKB 4012584
MSKB 4012606
MSKB 4013198
MSKB 4013429
MSKB 4013867
XREF MSFT:MS17-013
XREF IAVA:2017-A-0063
XREF CISA-KNOWN-EXPLOITED:2022/03/24
XREF CISA-KNOWN-EXPLOITED:2022/06/14
Plugin Information
Published: 2017/03/17, Modified: 2022/05/25
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4012212
- 4012215

- C:\Windows\System32\drivers\srv.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23689
97733 - MS17-017: Security Update for Windows Kernel (4013081)
-
Synopsis
The remote Windows host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities :

- An elevation of privilege vulnerability exists in the Windows Kernel API due to improper enforcement of permissions. A local attacker can exploit this, via a specially crafted application, to run processes in an elevated context. (CVE-2017-0050)

- An elevation of privilege vulnerability exists in the Windows Transaction Manager due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run processes in an elevated context. (CVE-2017-0101)

- An elevation of privilege vulnerability exists due to a failure to check the length of a buffer prior to copying memory. A local attacker can exploit this, by copying a file to a shared folder or drive, to gain elevated privileges. (CVE-2017-0102)

- An elevation of privilege vulnerability exists in the Windows Kernel API due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0103)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.644
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 96025
BID 96623
BID 96625
BID 96627
CVE CVE-2017-0050
CVE CVE-2017-0101
CVE CVE-2017-0102
CVE CVE-2017-0103
MSKB 4011981
MSKB 4012212
MSKB 4012213
MSKB 4012214
MSKB 4012215
MSKB 4012216
MSKB 4012217
MSKB 4012606
MSKB 4013198
MSKB 4013429
XREF MSFT:MS17-017
XREF IAVA:2017-A-0068
XREF CISA-KNOWN-EXPLOITED:2022/04/05
Plugin Information
Published: 2017/03/14, Modified: 2023/04/25
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4012212
- 4012215

- C:\Windows\System32\drivers\srv.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23689
97738 - MS17-018: Security Update for Windows Kernel-Mode Drivers (4013083)
-
Synopsis
The remote Windows host is affected by multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.0673
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 96029
BID 96032
BID 96630
BID 96631
BID 96632
BID 96633
BID 96634
BID 96635
CVE CVE-2017-0024
CVE CVE-2017-0026
CVE CVE-2017-0056
CVE CVE-2017-0078
CVE CVE-2017-0079
CVE CVE-2017-0080
CVE CVE-2017-0081
CVE CVE-2017-0082
MSKB 4012497
MSKB 4012212
MSKB 4012213
MSKB 4012214
MSKB 4012215
MSKB 4012216
MSKB 4012217
MSKB 4012606
MSKB 4013198
MSKB 4013429
XREF MSFT:MS17-018
XREF IAVA:2017-A-0069
Plugin Information
Published: 2017/03/15, Modified: 2025/12/30
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4012212
- 4012215

- C:\Windows\System32\drivers\srv.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23689

117639 - ManageEngine Desktop Central 10 < Build 100282 Remote Privilege Escalation
-
Synopsis
The remote web server contains a Java-based web application that is affected by a remote privilege escalation.
Description
The ManageEngine Desktop Central application running on the remote host is version 10 prior to build 100282. It is, therefore, affected by a remote privilege escalation vulnerability.
See Also
Solution
Upgrade to ManageEngine Desktop Central version 10 build 100282 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0386
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 105348
CVE CVE-2018-13411
CVE CVE-2018-13412
XREF IAVA:2018-A-0302-S
Plugin Information
Published: 2018/09/21, Modified: 2024/08/06
Plugin Output

tcp/8020/www


URL : http://192.168.122.168:8020/
Installed version : 9 build 91084
Fixed version : 10 Build 100282

117639 - ManageEngine Desktop Central 10 < Build 100282 Remote Privilege Escalation
-
Synopsis
The remote web server contains a Java-based web application that is affected by a remote privilege escalation.
Description
The ManageEngine Desktop Central application running on the remote host is version 10 prior to build 100282. It is, therefore, affected by a remote privilege escalation vulnerability.
See Also
Solution
Upgrade to ManageEngine Desktop Central version 10 build 100282 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0386
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 105348
CVE CVE-2018-13411
CVE CVE-2018-13412
XREF IAVA:2018-A-0302-S
Plugin Information
Published: 2018/09/21, Modified: 2024/08/06
Plugin Output

tcp/8022/www


URL : http://192.168.122.168:8022/
Installed version : 9 build 91084
Fixed version : 10 Build 100282

117639 - ManageEngine Desktop Central 10 < Build 100282 Remote Privilege Escalation
-
Synopsis
The remote web server contains a Java-based web application that is affected by a remote privilege escalation.
Description
The ManageEngine Desktop Central application running on the remote host is version 10 prior to build 100282. It is, therefore, affected by a remote privilege escalation vulnerability.
See Also
Solution
Upgrade to ManageEngine Desktop Central version 10 build 100282 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0386
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 105348
CVE CVE-2018-13411
CVE CVE-2018-13412
XREF IAVA:2018-A-0302-S
Plugin Information
Published: 2018/09/21, Modified: 2024/08/06
Plugin Output

tcp/8383/www


URL : https://192.168.122.168:8383/
Installed version : 9 build 91084
Fixed version : 10 Build 100282

206714 - ManageEngine Endpoint Central < 11.3.2400.15 , < 11.3.2406.08 Incorrect Authorization vulnerability
-
Synopsis
The remote ManageEngine Endpoint Central host is missing a security update.
Description
The version of ManageEngine Endpoint Central installed on the remote Windows host is either prior to 11.3.2400.15 or prior to 11.3.2406.08. It is, therefore, affected by an incorrect authorization vulnerability. For more information, consult the vendor advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to ManageEngine Endpoint Central versions 11.3.2400.15, 11.3.2406.08 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.5
EPSS Score
0.0009
CVSS v2.0 Base Score
8.7 (CVSS2#AV:N/AC:L/Au:S/C:P/I:C/A:C)
CVSS v2.0 Temporal Score
6.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-38868
XREF IAVA:2024-A-0539-S
Plugin Information
Published: 2024/09/06, Modified: 2024/11/15
Plugin Output

tcp/0


Path : C:\ManageEngine\DesktopCentral_Server
Installed version : 9.1.0
Fixed version : 11.3.2400.15

206714 - ManageEngine Endpoint Central < 11.3.2400.15 , < 11.3.2406.08 Incorrect Authorization vulnerability
-
Synopsis
The remote ManageEngine Endpoint Central host is missing a security update.
Description
The version of ManageEngine Endpoint Central installed on the remote Windows host is either prior to 11.3.2400.15 or prior to 11.3.2406.08. It is, therefore, affected by an incorrect authorization vulnerability. For more information, consult the vendor advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to ManageEngine Endpoint Central versions 11.3.2400.15, 11.3.2406.08 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.5
EPSS Score
0.0009
CVSS v2.0 Base Score
8.7 (CVSS2#AV:N/AC:L/Au:S/C:P/I:C/A:C)
CVSS v2.0 Temporal Score
6.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-38868
XREF IAVA:2024-A-0539-S
Plugin Information
Published: 2024/09/06, Modified: 2024/11/15
Plugin Output

tcp/8020/www


URL : http://192.168.122.168:8020/
Installed version : 9
Fixed version : 11.3.2400.15

206714 - ManageEngine Endpoint Central < 11.3.2400.15 , < 11.3.2406.08 Incorrect Authorization vulnerability
-
Synopsis
The remote ManageEngine Endpoint Central host is missing a security update.
Description
The version of ManageEngine Endpoint Central installed on the remote Windows host is either prior to 11.3.2400.15 or prior to 11.3.2406.08. It is, therefore, affected by an incorrect authorization vulnerability. For more information, consult the vendor advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to ManageEngine Endpoint Central versions 11.3.2400.15, 11.3.2406.08 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.5
EPSS Score
0.0009
CVSS v2.0 Base Score
8.7 (CVSS2#AV:N/AC:L/Au:S/C:P/I:C/A:C)
CVSS v2.0 Temporal Score
6.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-38868
XREF IAVA:2024-A-0539-S
Plugin Information
Published: 2024/09/06, Modified: 2024/11/15
Plugin Output

tcp/8022/www


URL : http://192.168.122.168:8022/
Installed version : 9
Fixed version : 11.3.2400.15

206714 - ManageEngine Endpoint Central < 11.3.2400.15 , < 11.3.2406.08 Incorrect Authorization vulnerability
-
Synopsis
The remote ManageEngine Endpoint Central host is missing a security update.
Description
The version of ManageEngine Endpoint Central installed on the remote Windows host is either prior to 11.3.2400.15 or prior to 11.3.2406.08. It is, therefore, affected by an incorrect authorization vulnerability. For more information, consult the vendor advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to ManageEngine Endpoint Central versions 11.3.2400.15, 11.3.2406.08 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.5
EPSS Score
0.0009
CVSS v2.0 Base Score
8.7 (CVSS2#AV:N/AC:L/Au:S/C:P/I:C/A:C)
CVSS v2.0 Temporal Score
6.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-38868
XREF IAVA:2024-A-0539-S
Plugin Information
Published: 2024/09/06, Modified: 2024/11/15
Plugin Output

tcp/8383/www


URL : https://192.168.122.168:8383/
Installed version : 9
Fixed version : 11.3.2400.15

211399 - ManageEngine Endpoint Central < 11.3.2416.22 , 11.3.2428.x < 11.3.2428.10, 11.3.2435.x < 11.3.2435.1 Arbitrary File Deletion vulnerability
-
Synopsis
The remote ManageEngine Endpoint Central host is missing a security update.
Description
The version of ManageEngine Endpoint Central installed on the remote Windows host is either prior to 11.3.2416.22, 11.3.2428.10 or 11.3.2435.1. It is, therefore, affected by an arbitrary file deletion vulnerability. For more information, consult the vendor advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to ManageEngine Endpoint Central versions 11.3.2416.22, 11.3.2428.10, 11.3.2435.1 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0003
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-10203
XREF IAVA:2024-A-0715-S
Plugin Information
Published: 2024/11/15, Modified: 2025/11/24
Plugin Output

tcp/0


Path : C:\ManageEngine\DesktopCentral_Server
Installed version : 9.1.0
Fixed version : 11.3.2416.22

211399 - ManageEngine Endpoint Central < 11.3.2416.22 , 11.3.2428.x < 11.3.2428.10, 11.3.2435.x < 11.3.2435.1 Arbitrary File Deletion vulnerability
-
Synopsis
The remote ManageEngine Endpoint Central host is missing a security update.
Description
The version of ManageEngine Endpoint Central installed on the remote Windows host is either prior to 11.3.2416.22, 11.3.2428.10 or 11.3.2435.1. It is, therefore, affected by an arbitrary file deletion vulnerability. For more information, consult the vendor advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to ManageEngine Endpoint Central versions 11.3.2416.22, 11.3.2428.10, 11.3.2435.1 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0003
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-10203
XREF IAVA:2024-A-0715-S
Plugin Information
Published: 2024/11/15, Modified: 2025/11/24
Plugin Output

tcp/8020/www


URL : http://192.168.122.168:8020/
Installed version : 9
Fixed version : 11.3.2416.22

211399 - ManageEngine Endpoint Central < 11.3.2416.22 , 11.3.2428.x < 11.3.2428.10, 11.3.2435.x < 11.3.2435.1 Arbitrary File Deletion vulnerability
-
Synopsis
The remote ManageEngine Endpoint Central host is missing a security update.
Description
The version of ManageEngine Endpoint Central installed on the remote Windows host is either prior to 11.3.2416.22, 11.3.2428.10 or 11.3.2435.1. It is, therefore, affected by an arbitrary file deletion vulnerability. For more information, consult the vendor advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to ManageEngine Endpoint Central versions 11.3.2416.22, 11.3.2428.10, 11.3.2435.1 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0003
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-10203
XREF IAVA:2024-A-0715-S
Plugin Information
Published: 2024/11/15, Modified: 2025/11/24
Plugin Output

tcp/8022/www


URL : http://192.168.122.168:8022/
Installed version : 9
Fixed version : 11.3.2416.22

211399 - ManageEngine Endpoint Central < 11.3.2416.22 , 11.3.2428.x < 11.3.2428.10, 11.3.2435.x < 11.3.2435.1 Arbitrary File Deletion vulnerability
-
Synopsis
The remote ManageEngine Endpoint Central host is missing a security update.
Description
The version of ManageEngine Endpoint Central installed on the remote Windows host is either prior to 11.3.2416.22, 11.3.2428.10 or 11.3.2435.1. It is, therefore, affected by an arbitrary file deletion vulnerability. For more information, consult the vendor advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to ManageEngine Endpoint Central versions 11.3.2416.22, 11.3.2428.10, 11.3.2435.1 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0003
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-10203
XREF IAVA:2024-A-0715-S
Plugin Information
Published: 2024/11/15, Modified: 2025/11/24
Plugin Output

tcp/8383/www


URL : https://192.168.122.168:8383/
Installed version : 9
Fixed version : 11.3.2416.22

103876 - Microsoft Windows SMB Server (2017-10) Multiple Vulnerabilities (uncredentialed check)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is affected by the following vulnerabilities :

- A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.
(CVE-2017-11780)

- A denial of service vulnerability exists in the Microsoft Server Message Block (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to send specially crafted SMB requests to the target system. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. The security update addresses the vulnerability by correcting the manner in which SMB handles specially crafted client requests.
(CVE-2017-11781)

Note that Microsoft uses AC:H for these two vulnerabilities. This could mean that an exploitable target is configured in a certain way that may include that a publicly accessible file share is available and share enumeration is allowed for anonymous users.
See Also
Solution
Microsoft has released a set of patches for Windows 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Medium
CVSS v3.0 Base Score
7.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L)
CVSS v3.0 Temporal Score
6.1 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.7
EPSS Score
0.1426
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
BID 101110
BID 101140
CVE CVE-2017-11780
CVE CVE-2017-11781
MSKB 4041676
MSKB 4041678
MSKB 4041679
MSKB 4041681
MSKB 4041687
MSKB 4041689
MSKB 4041690
MSKB 4041691
MSKB 4041693
MSKB 4041995
MSKB 4042895
XREF MSFT:MS17-4041676
XREF MSFT:MS17-4041678
XREF MSFT:MS17-4041679
XREF MSFT:MS17-4041681
XREF MSFT:MS17-4041687
XREF MSFT:MS17-4041689
XREF MSFT:MS17-4041690
XREF MSFT:MS17-4041691
XREF MSFT:MS17-4041693
XREF MSFT:MS17-4041995
XREF MSFT:MS17-4042895
Plugin Information
Published: 2017/10/17, Modified: 2025/11/18
Plugin Output

tcp/445/cifs

63155 - Microsoft Windows Unquoted Service Path Enumeration
-
Synopsis
The remote Windows host has at least one service installed that uses an unquoted service path.
Description
The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service.

Note that this is a generic test that will flag any application affected by the described vulnerability.
See Also
Solution
Ensure that any services that contain a space in the path enclose the path in quotes.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0078
CVSS v2.0 Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.4 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 58591
BID 58617
BID 65873
BID 68520
CVE CVE-2013-1609
CVE CVE-2014-0759
CVE CVE-2014-5455
XREF ICSA:14-058-01
XREF EDB-ID:34037
Exploitable With
Metasploit (true)
Plugin Information
Published: 2012/12/05, Modified: 2025/05/29
Plugin Output

tcp/445/cifs


Nessus found the following service with an untrusted path :
OpenSSHd : C:\Program Files\OpenSSH\bin\cygrunsrv.exe

106097 - MySQL 5.5.x < 5.5.59 Multiple Vulnerabilities (January 2018 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The version of MySQL running on the remote host is 5.5.x prior to 5.5.59. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to MySQL version 5.5.59 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)
CVSS v3.0 Temporal Score
6.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.2
EPSS Score
0.005
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
BID 102495
BID 102706
BID 102678
BID 102681
BID 102682
BID 102713
CVE CVE-2018-2562
CVE CVE-2018-2622
CVE CVE-2018-2640
CVE CVE-2018-2665
CVE CVE-2018-2668
Plugin Information
Published: 2018/01/17, Modified: 2021/05/21
Plugin Output

tcp/0


Path : c:\wamp\bin\mysql\mysql5.5.20\bin\
Installed version : 5.5.20.0
Fixed version : 5.5.59
109166 - MySQL 5.5.x < 5.5.60 Multiple Vulnerabilities (April 2018 CPU)
-
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The version of MySQL running on the remote host is 5.5.x prior to 5.5.60. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to MySQL version 5.5.60 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.7 (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.5
EPSS Score
0.0225
CVSS v2.0 Base Score
5.5 (CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P)
CVSS v2.0 Temporal Score
4.1 (CVSS2#E:U/RL:OF/RC:C)
References
BID 103778
BID 103802
BID 103804
BID 103814
BID 103824
BID 103828
BID 103830
CVE CVE-2018-2755
CVE CVE-2018-2758
CVE CVE-2018-2761
CVE CVE-2018-2766
CVE CVE-2018-2771
CVE CVE-2018-2773
CVE CVE-2018-2781
CVE CVE-2018-2782
CVE CVE-2018-2784
CVE CVE-2018-2787
CVE CVE-2018-2805
CVE CVE-2018-2813
CVE CVE-2018-2817
CVE CVE-2018-2818
CVE CVE-2018-2819
Plugin Information
Published: 2018/04/19, Modified: 2024/10/30
Plugin Output

tcp/0


Path : c:\wamp\bin\mysql\mysql5.5.20\bin\
Installed version : 5.5.20.0
Fixed version : 5.5.60

193574 - Oracle Java (Apr 2024 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities
Description
The 8u401, 20.3.13, 21.3.9, 11.0.23, 17.0.10, 21.0.3, 22, and perf versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory.

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. (CVE-2023-41993)

- Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GraalVM for JDK executes to compromise Oracle GraalVM for JDK. While the vulnerability is in Oracle GraalVM for JDK, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM for JDK accessible data as well as unauthorized access to critical data or complete access to all Oracle GraalVM for JDK accessible data. (CVE-2024-21892)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.23, 17.0.10, 21.0.3, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.3, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. (CVE-2024-21011)


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply the appropriate patch according to the April 2024 Oracle Critical Patch Update advisory.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.2153
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-32643
CVE CVE-2023-41993
CVE CVE-2024-20954
CVE CVE-2024-21002
CVE CVE-2024-21003
CVE CVE-2024-21004
CVE CVE-2024-21005
CVE CVE-2024-21011
CVE CVE-2024-21012
CVE CVE-2024-21068
CVE CVE-2024-21085
CVE CVE-2024-21094
CVE CVE-2024-21098
CVE CVE-2024-21892
XREF IAVA:2024-A-0239
XREF CISA-KNOWN-EXPLOITED:2023/10/16
Plugin Information
Published: 2024/04/19, Modified: 2025/03/14
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.411 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.411 or greater
132992 - Oracle Java SE 1.7.0_251 / 1.8.0_241 / 1.11.0_6 / 1.13.0_2 Multiple Vulnerabilities (Jan 2020 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 251, 8 Update 241, 11 Update 6, or 13 Update 2. It is, therefore, affected by multiple vulnerabilities:

- Oracle Java SE and Java SE Embedded are prone to a severe division by zero, over 'Multiple' protocol. This issue affects the 'SQLite' component. (CVE-2019-16168)

- Oracle Java SE and Java SE Embedded are prone to a format string vulnerability, leading to a read of uninitialized stack data over 'Multiple' protocol. This issue affects the 'libxst' component. (CVE-2019-13117, CVE-2019-13118)

- Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. An unauthenticated remote attacker can exploit this over 'Kerberos' protocol. This issue affects the 'Security' component. (CVE-2020-2601, CVE-2020-2590)

- Oracle Java SE/Java SE Embedded are prone to a remote security vulnerability. An unauthenticated remote attacker can exploit this over multiple protocols. This issue affects the 'Serialization' component. (CVE-2020-2604, CVE-2020-2583)

- Oracle Java SE/Java SE Embedded are prone to a remote security vulnerability. An unauthenticated remote attacker can exploit this over multiple protocols. This issue affects the 'Networking' component. (CVE-2020-2593, CVE-2020-2659)

- Oracle Java SE is prone to a remote security vulnerability. An unauthenticated remote attacker can exploit this over multiple protocols. This issue affects the 'Libraries' component. (CVE-2020-2654)

- Oracle Java SE is prone to a multiple security vulnerability. An unauthenticated remote attacker can exploit this over multiple protocols. This issue affects the 'JavaFX' component. (CVE-2020-2585)

- Oracle Java SE is prone to a multiple security vulnerability. An unauthenticated remote attacker can exploit this over 'HTTPS' protocols. This issue affects the 'JSSE' component. (CVE-2020-2655)

Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Oracle JDK / JRE 13 Update 2, 11 Update 6, 8 Update 241 / 7 Update 251 or later. If necessary, remove any affected versions.
Risk Factor
Medium
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.1 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0457
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2020/01/16, Modified: 2024/12/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.241 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.241 or greater
135592 - Oracle Java SE 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1 Multiple Vulnerabilities (Apr 2020 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 261, 8 Update 251, 11 Update 7, or 14 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components :

- Oracle Java SE and Java SE Embedded are prone to a buffer overflow attack, over 'Multiple' protocol. This issue affects the 'JavaFX (libxslt)' component. Successful attacks of this vulnerability allow an unauthenticated attacker with network access to take over Java SE. (CVE-2019-18197)

- Oracle Java SE and Java SE Embedded are prone to a partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Scripting' component. (CVE-2020-2754, CVE-2020-2755)

- Oracle Java SE and Java SE Embedded are prone to a partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Serialization' component. (CVE-2020-2756, CVE-2020-2757)

- Oracle Java SE is prone to an unauthorized read access vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol, which can result in unauthorized read access to a subset of Java SE accessible data. This issue affects the 'Advanced Management Console' component. (CVE-2020-2764)

- Oracle Java SE and Java SE Embedded are prone to an unauthorized write/read access vulnerability. An unauthenticated remote attacker over 'HTTPS' can gain read, update, insert or delete access to some of Java SE accessible data. This issue affects the 'JSSE' component. (CVE-2020-2767)

- Oracle Java SE and Java SE Embedded are prone to a partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Scripting' component. (CVE-2020-2773)

It is also affected by other vulnerabilities; please see vendor advisories for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Oracle JDK / JRE 14 Update 1, 11 Update 7, 8 Update 251, 7 Update 261 or later. If necessary, remove any affected versions.
Risk Factor
Medium
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.3
EPSS Score
0.0429
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS v2.0 Temporal Score
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2020/04/16, Modified: 2024/12/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.251 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.251 or greater
135591 - Oracle Java SE 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1 Multiple Vulnerabilities (Apr 2020 CPU) (Unix)
Synopsis
The remote host is affected by multiple vulnerabilities
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 261, 8 Update 251, 11 Update 7, or 14 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components :

- Oracle Java SE and Java SE Embedded are prone to a buffer overflow attack, over 'Multiple' protocol. This issue affects the 'JavaFX (libxslt)' component. Successful attacks of this vulnerability allow an unauthenticated attacker with network access to take over Java SE. (CVE-2019-18197)

- Oracle Java SE and Java SE Embedded are prone to a partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Scripting' component. (CVE-2020-2754, CVE-2020-2755)

- Oracle Java SE and Java SE Embedded are prone to a partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Serialization' component. (CVE-2020-2756, CVE-2020-2757)

- Oracle Java SE is prone to an unauthorized read access vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol, which can result in unauthorized read access to a subset of Java SE accessible data. This issue affects the 'Advanced Management Console' component. (CVE-2020-2764)

- Oracle Java SE and Java SE Embedded are prone to an unauthorized write/read access vulnerability. An unauthenticated remote attacker over 'HTTPS' can gain read, update, insert or delete access to some of Java SE accessible data. This issue affects the 'JSSE' component. (CVE-2020-2767)

- Oracle Java SE and Java SE Embedded are prone to a partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Scripting' component. (CVE-2020-2773)

It is also affected by other vulnerabilities; please see vendor advisories for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Oracle JDK / JRE 14 Update 1, 11 Update 7, 8 Update 251, 7 Update 261 or later. If necessary, remove any affected versions.
Risk Factor
Medium
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.3
EPSS Score
0.0429
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS v2.0 Temporal Score
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2020/04/16, Modified: 2024/06/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.251 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.251 or greater
138522 - Oracle Java SE 1.7.0_271 / 1.8.0_261 / 1.11.0_8 / 1.14.0_2 Multiple Vulnerabilities (Jul 2020 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 271, 8 Update 261, 11 Update 8, or 14 Update 2. It is, therefore, affected by multiple vulnerabilities related to the following components as referenced in the July 2020 CPU advisory:

- Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14664)

- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14583)

- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14593)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Apply the appropriate patch according to the July 2020 Oracle Critical Patch Update advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.3
EPSS Score
0.0183
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS v2.0 Temporal Score
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2020/07/16, Modified: 2024/12/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.261 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.261 or greater
154344 - Oracle Java SE 1.7.0_321 / 1.8.0_311 / 1.11.0_13 / 1.17.0_1 Multiple Vulnerabilities (October 2021 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 321, 8 Update 311, 11 Update 13, or 17 Update 1. It is, therefore, affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory:

- Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX (libxml)). The supported version that is affected is Java SE: 8u301. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE as well as unauthorized update, insert or delete access to some of Java SE accessible data and unauthorized read access to a subset of Java SE accessible data. This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2021-3517)

- Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2021-35560)

- Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. (CVE-2021-35567)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Apply the appropriate patch according to the October 2021 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0056
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2021/10/22, Modified: 2024/12/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.311 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.311 or greater
154345 - Oracle Java SE 1.7.0_321 / 1.8.0_311 / 1.11.0_13 / 1.17.0_1 Multiple Vulnerabilities (Unix October 2021 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 321, 8 Update 311, 11 Update 13, or 17 Update 1. It is, therefore, affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory:

- Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX (libxml)). The supported version that is affected is Java SE: 8u301. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE as well as unauthorized update, insert or delete access to some of Java SE accessible data and unauthorized read access to a subset of Java SE accessible data. This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2021-3517)

- Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2021-35560)

- Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. (CVE-2021-35567)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Apply the appropriate patch according to the October 2021 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0056
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2021/10/22, Modified: 2022/12/07
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.311 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.311 or greater
109202 - Oracle Java SE Multiple Vulnerabilities (April 2018 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 1, 8 Update 171, 7 Update 181, or 6 Update 191. It is, therefore, affected by multiple vulnerabilities related to the following components :

- AWT
- Concurrency
- Hotspot
- Install
- JAXP
- JMX
- Libraries
- RMI
- Security
- Serialization
Solution
Upgrade to Oracle JDK / JRE 10 Update 1, 8 Update 171 / 7 Update 181 / 6 Update 191 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.3
EPSS Score
0.0346
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS v2.0 Temporal Score
4.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 103796
BID 103810
BID 103817
BID 103832
BID 103848
BID 103849
BID 103872
CVE CVE-2018-2783
CVE CVE-2018-2790
CVE CVE-2018-2794
CVE CVE-2018-2795
CVE CVE-2018-2796
CVE CVE-2018-2797
CVE CVE-2018-2798
CVE CVE-2018-2799
CVE CVE-2018-2800
CVE CVE-2018-2811
CVE CVE-2018-2814
CVE CVE-2018-2815
CVE CVE-2018-2825
CVE CVE-2018-2826
Plugin Information
Published: 2018/04/20, Modified: 2024/12/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.171 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.171 or greater
109203 - Oracle Java SE Multiple Vulnerabilities (April 2018 CPU) (Unix)
Synopsis
The remote Unix host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 1, 8 Update 171, 7 Update 181, or 6 Update 191. It is, therefore, affected by multiple vulnerabilities related to the following components :

- AWT
- Concurrency
- Hotspot
- Install
- JAXP
- JMX
- Libraries
- RMI
- Security
- Serialization
Solution
Upgrade to Oracle JDK / JRE 10 Update 1, 8 Update 171 / 7 Update 181 / 6 Update 191 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.3
EPSS Score
0.0346
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS v2.0 Temporal Score
4.3 (CVSS2#E:U/RL:OF/RC:C)
References
BID 103796
BID 103810
BID 103817
BID 103832
BID 103848
BID 103849
BID 103872
CVE CVE-2018-2783
CVE CVE-2018-2790
CVE CVE-2018-2794
CVE CVE-2018-2795
CVE CVE-2018-2796
CVE CVE-2018-2797
CVE CVE-2018-2798
CVE CVE-2018-2799
CVE CVE-2018-2800
CVE CVE-2018-2811
CVE CVE-2018-2814
CVE CVE-2018-2815
CVE CVE-2018-2825
CVE CVE-2018-2826
Plugin Information
Published: 2018/04/20, Modified: 2024/10/29
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.171 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.171 or greater
174511 - Oracle Java SE Multiple Vulnerabilities (April 2023 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory:

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. (CVE-2023-21930)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. (CVE-2023-21939)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. (CVE-2023-21954)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the April 2023 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0175
CVSS v2.0 Base Score
7.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2023/04/20, Modified: 2023/04/21
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.371 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.371 or greater
106190 - Oracle Java SE Multiple Vulnerabilities (January 2018 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 4, 8 Update 161, 7 Update 171, or 6 Update 181. It is, therefore, affected by multiple vulnerabilities related to the following components :

- AWT
- Deployment
- Hotspot
- I18n
- Installer
- JCE
- JGSS
- JMX
- JNDI
- JavaFX
- LDAP
- Libraries
- Serialization
See Also
Solution
Upgrade to Oracle JDK / JRE 9 Update 4, 8 Update 161 / 7 Update 171 / 6 Update 181 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.3
EPSS Score
0.0109
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
BID 102546
BID 102556
BID 102557
BID 102576
BID 102584
BID 102592
BID 102597
BID 102605
BID 102612
BID 102615
BID 102625
BID 102629
BID 102633
BID 102636
BID 102642
BID 102656
BID 102659
BID 102661
BID 102662
BID 102663
CVE CVE-2018-2579
CVE CVE-2018-2581
CVE CVE-2018-2582
CVE CVE-2018-2588
CVE CVE-2018-2599
CVE CVE-2018-2602
CVE CVE-2018-2603
CVE CVE-2018-2618
CVE CVE-2018-2627
CVE CVE-2018-2629
CVE CVE-2018-2633
CVE CVE-2018-2634
CVE CVE-2018-2637
CVE CVE-2018-2638
CVE CVE-2018-2639
CVE CVE-2018-2641
CVE CVE-2018-2657
CVE CVE-2018-2663
CVE CVE-2018-2677
CVE CVE-2018-2678
Plugin Information
Published: 2018/01/19, Modified: 2024/12/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.161 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.161 or greater
106191 - Oracle Java SE Multiple Vulnerabilities (January 2018 CPU) (Unix)
Synopsis
The remote Unix host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 4, 8 Update 161, 7 Update 171, or 6 Update 181. It is, therefore, affected by multiple vulnerabilities related to the following components :

- AWT
- Deployment
- Hotspot
- I18n
- Installer
- JCE
- JGSS
- JMX
- JNDI
- JavaFX
- LDAP
- Libraries
- Serialization
See Also
Solution
Upgrade to Oracle JDK / JRE 9 Update 4, 8 Update 161 / 7 Update 171 / 6 Update 181 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.3
EPSS Score
0.0109
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
BID 102546
BID 102556
BID 102557
BID 102576
BID 102584
BID 102592
BID 102597
BID 102605
BID 102612
BID 102615
BID 102625
BID 102629
BID 102633
BID 102636
BID 102642
BID 102656
BID 102659
BID 102661
BID 102662
BID 102663
CVE CVE-2018-2579
CVE CVE-2018-2581
CVE CVE-2018-2582
CVE CVE-2018-2588
CVE CVE-2018-2599
CVE CVE-2018-2602
CVE CVE-2018-2603
CVE CVE-2018-2618
CVE CVE-2018-2627
CVE CVE-2018-2629
CVE CVE-2018-2633
CVE CVE-2018-2634
CVE CVE-2018-2637
CVE CVE-2018-2638
CVE CVE-2018-2639
CVE CVE-2018-2641
CVE CVE-2018-2657
CVE CVE-2018-2663
CVE CVE-2018-2677
CVE CVE-2018-2678
Plugin Information
Published: 2018/01/19, Modified: 2024/06/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.161 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.161 or greater
189116 - Oracle Java SE Multiple Vulnerabilities (January 2024 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory:

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. (CVE-2024-20918)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. (CVE-2024-20921)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. (CVE-2024-20932)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the January 2024 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.0
EPSS Score
0.0055
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/01/17, Modified: 2024/04/19
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.401 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.401 or greater
294870 - Oracle Java SE Multiple Vulnerabilities (January 2026 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities
Description
The version of Java installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory.

- Vulnerability in Oracle Java SE (component: JavaFX (libxslt)). Supported versions that are affected are Oracle Java SE: 8u471-b50. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE. (CVE-2025-7425)

- Vulnerability in Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u471-b50. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE. (CVE-2025-43368)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. (CVE-2026-21945)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the January 2026 Oracle Critical Patch Update advisory.
Risk Factor
Critical
CVSS v4.0 Base Score
4.8 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
7.9
EPSS Score
0.0004
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2026/01/21, Modified: 2026/02/04
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.481 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.481 or greater
163304 - Oracle Java SE Multiple Vulnerabilities (July 2022 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory:

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. (CVE-2022-21540)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. (CVE-2022-21541)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. (CVE-2022-21549)

- Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image (Gson)). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. (CVE-2022-25647)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP (Xalan-J)). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. (CVE-2022-34169)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the July 2022 Oracle Critical Patch Update advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0877
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-21540
CVE CVE-2022-21541
CVE CVE-2022-21549
CVE CVE-2022-25647
CVE CVE-2022-34169
XREF IAVA:2022-A-0287-S
XREF IAVA:2023-A-0558
Plugin Information
Published: 2022/07/20, Modified: 2023/10/24
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.341 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.341 or greater
178485 - Oracle Java SE Multiple Vulnerabilities (July 2023 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory:

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. (CVE-2023-22036)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. (CVE-2023-22041)

- Vulnerability in Oracle Java SE (component: JavaFX). The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE accessible data. (CVE-2023-22043)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the July 2023 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
VPR Score
4.4
EPSS Score
0.0069
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
STIG Severity
I
References
Plugin Information
Published: 2023/07/19, Modified: 2024/01/31
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.381 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.381 or greater
209282 - Oracle Java SE Multiple Vulnerabilities (October 2024 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities
Description
The versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory.

- Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM for JDK. (CVE-2024-36138)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u421; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM Enterprise Edition. (CVE-2023-42950)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX (libxml2)). Supported versions that are affected are Oracle Java SE: 8u421; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. (CVE-2024-25062)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the October 2024 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0074
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
6.1 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/10/18, Modified: 2025/11/05
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.431 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.431 or greater
271249 - Oracle Java SE Multiple Vulnerabilities (October 2025 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities
Description
The 8u461, 11.0.28, 17.0.16, 21.0.8, and 25 versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2025 CPU advisory.

- Vulnerability in Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u461-b50. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE. (CVE-2025-31257)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. (CVE-2025-53057)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. (CVE-2025-53066)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the October 2025 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
VPR Score
9.0
EPSS Score
0.0009
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
STIG Severity
I
References
Plugin Information
Published: 2025/10/23, Modified: 2025/12/23
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.471 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.471 or greater

59056 - PHP 5.3.x < 5.3.13 CGI Query String Code Execution
Synopsis
The remote web server uses a version of PHP that is affected by a remote code execution vulnerability.
Description
According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.13 and, as such, is potentially affected by a remote code execution and information disclosure vulnerability.

The fix for CVE-2012-1823 does not completely correct the CGI query vulnerability. Disclosure of PHP source code and code execution via query parameters are still possible.

Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. Apache with 'mod_php' is not an exploitable configuration.
See Also
Solution
Upgrade to PHP version 5.3.13 or later. A 'mod_rewrite' workaround is available as well.
Risk Factor
High
VPR Score
7.4
EPSS Score
0.8683
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 53388
CVE CVE-2012-2311
CVE CVE-2012-2335
CVE CVE-2012-2336
XREF CERT:520827
Exploitable With
Metasploit (true)
Plugin Information
Published: 2012/05/09, Modified: 2025/05/26
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2, X-Powered-By: PHP/5.3.10
Installed version : 5.3.10
Fixed version : 5.3.13
59529 - PHP 5.3.x < 5.3.14 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.14, and is, therefore, potentially affected by the following vulnerabilities :

- An integer overflow error exists in the function 'phar_parse_tarfile' in the file 'ext/phar/tar.c'. This error can lead to a heap-based buffer overflow when handling a maliciously crafted TAR file. Arbitrary code execution is possible due to this error. (CVE-2012-2386)

- A weakness exists in the 'crypt' function related to the DES implementation that can allow brute-force attacks. (CVE-2012-2143)

- Several design errors involving the incorrect parsing of PHP PDO prepared statements could lead to disclosure of sensitive information or denial of service. (CVE-2012-3450)

- A variable initialization error exists in the file 'ext/openssl/openssl.c' that can allow process memory contents to be disclosed when input data is of length zero. (CVE-2012-6113)
See Also
Solution
Upgrade to PHP version 5.3.14 or later.
Risk Factor
High
VPR Score
6.7
EPSS Score
0.1383
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 47545
BID 53729
BID 54777
BID 57462
CVE CVE-2012-2143
CVE CVE-2012-2386
CVE CVE-2012-3450
CVE CVE-2012-6113
XREF EDB-ID:17201
Plugin Information
Published: 2012/06/15, Modified: 2025/05/26
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2, X-Powered-By: PHP/5.3.10
Installed version : 5.3.10
Fixed version : 5.3.14
64992 - PHP 5.3.x < 5.3.22 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is potentially affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.22. It is, therefore, potentially affected by the following vulnerabilities :

- An error exists in the file 'ext/soap/soap.c' related to the 'soap.wsdl_cache_dir' configuration directive and writing cache files that could allow remote 'wsdl' files to be written to arbitrary locations. (CVE-2013-1635)

- An error exists in the file 'ext/soap/php_xml.c' related to parsing SOAP 'wsdl' files and external entities that could cause PHP to parse remote XML documents defined by an attacker. This could allow access to arbitrary files. (CVE-2013-1643)

Note that this plugin does not attempt to exploit the vulnerabilities but instead relies only on PHP's self-reported version number.
See Also
Solution
Upgrade to PHP version 5.3.22 or later.
Risk Factor
High
VPR Score
5.9
EPSS Score
0.0333
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
BID 58224
BID 58766
CVE CVE-2013-1635
CVE CVE-2013-1643
Plugin Information
Published: 2013/03/04, Modified: 2025/05/26
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2, X-Powered-By: PHP/5.3.10
Installed version : 5.3.10
Fixed version : 5.3.22
66584 - PHP 5.3.x < 5.3.23 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is potentially affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.23. It is, therefore, potentially affected by multiple vulnerabilities:

- An error exists in the file 'ext/soap/soap.c' related to the 'soap.wsdl_cache_dir' configuration directive and writing cache files that could allow remote 'wsdl' files to be written to arbitrary locations. (CVE-2013-1635)

- An error exists in the file 'ext/soap/php_xml.c' related to parsing SOAP 'wsdl' files and external entities that could cause PHP to parse remote XML documents defined by an attacker. This could allow access to arbitrary files. (CVE-2013-1643)

- An information disclosure in the file 'ext/soap/php_xml.c' related to parsing SOAP 'wsdl' files and external entities that could cause PHP to parse remote XML documents defined by an attacker. This could allow access to arbitrary files. (CVE-2013-1824)

Note that this plugin does not attempt to exploit the vulnerability, but instead relies only on PHP's self-reported version number.
Solution
Upgrade to PHP version 5.3.23 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v3.0 Temporal Score
6.4 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0333
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
BID 58224
BID 58766
BID 62373
CVE CVE-2013-1635
CVE CVE-2013-1643
CVE CVE-2013-1824
Plugin Information
Published: 2013/05/24, Modified: 2025/05/26
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2, X-Powered-By: PHP/5.3.10
Installed version : 5.3.10
Fixed version : 5.3.23
71426 - PHP 5.3.x < 5.3.28 Multiple OpenSSL Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is potentially affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP installed on the remote host is 5.3.x prior to 5.3.28. It is, therefore, potentially affected by the following vulnerabilities :

- A flaw exists in the PHP OpenSSL extension's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. (CVE-2013-4073, CVE-2013-4248)

- A memory corruption flaw exists in the way the openssl_x509_parse() function of the PHP OpenSSL extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious, self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function. This could cause the application to crash or possibly allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420)

Note that this plugin does not attempt to exploit these vulnerabilities, but instead relies only on PHP's self-reported version number.
Solution
Upgrade to PHP version 5.3.28 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v3.0 Temporal Score
6.6 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
4.2
EPSS Score
0.472
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 60843
BID 61776
BID 64225
CVE CVE-2013-4073
CVE CVE-2013-4248
CVE CVE-2013-6420
XREF EDB-ID:30395
Plugin Information
Published: 2013/12/14, Modified: 2025/05/26
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2, X-Powered-By: PHP/5.3.10
Installed version : 5.3.10
Fixed version : 5.3.28
77285 - PHP 5.3.x < 5.3.29 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP installed on the remote host is 5.3.x prior to 5.3.29. It is, therefore, affected by the following vulnerabilities :

- A heap-based buffer overflow error exists in the file 'ext/date/lib/parse_iso_intervals.c' related to handling DateInterval objects that allows denial of service attacks. (CVE-2013-6712)

- A boundary checking error exists related to the Fileinfo extension, Composite Document Format (CDF) handling, and the function 'cdf_read_short_sector'. (CVE-2014-0207)

- A flaw exists with the 'cdf_unpack_summary_info()' function within 'src/cdf.c' where multiple file_printf calls occur when handling specially crafted CDF files. This could allow a context dependent attacker to crash the web application using PHP. (CVE-2014-0237)

- A flaw exists with the 'cdf_read_property_info()' function within 'src/cdf.c' where an infinite loop occurs when handling specially crafted CDF files. This could allow a context dependent attacker to crash the web application using PHP. (CVE-2014-0238)

- A type-confusion error exists related to the Standard PHP Library (SPL) extension and the function 'unserialize'. (CVE-2014-3515)

- An error exists related to configuration scripts and temporary file handling that could allow insecure file usage. (CVE-2014-3981)

- A heap-based buffer overflow error exists related to the function 'dns_get_record' that could allow execution of arbitrary code. (CVE-2014-4049)

- An out-of-bounds read exists in printf. (Bug #67249)

Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number.

Additionally, note that version 5.3.29 marks the end of support for the PHP 5.3.x branch.
Solution
Upgrade to PHP version 5.3.29 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v3.0 Temporal Score
6.4 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.6079
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
References
BID 64018
BID 67759
BID 67765
BID 67837
BID 68007
BID 68120
BID 68237
BID 68238
BID 68239
BID 68241
BID 68243
BID 68423
BID 69271
BID 73385
CVE CVE-2013-6712
CVE CVE-2014-0207
CVE CVE-2014-0237
CVE CVE-2014-0238
CVE CVE-2014-3478
CVE CVE-2014-3479
CVE CVE-2014-3480
CVE CVE-2014-3487
CVE CVE-2014-3515
CVE CVE-2014-3981
CVE CVE-2014-4049
CVE CVE-2014-4721
Plugin Information
Published: 2014/08/20, Modified: 2025/05/26
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2, X-Powered-By: PHP/5.3.10
Installed version : 5.3.10
Fixed version : 5.3.29
58988 - PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
Synopsis
The remote web server uses a version of PHP that is affected by a remote code execution vulnerability.
Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.12 / 5.4.2, and as such is potentially affected by a remote code execution and information disclosure vulnerability.

An error in the file 'sapi/cgi/cgi_main.c' can allow a remote attacker to obtain PHP source code from the web server or to potentially execute arbitrary code. In vulnerable configurations, PHP treats certain query string parameters as command line arguments including switches such as '-s', '-d', and '-c'.

Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. Apache with 'mod_php' is not an exploitable configuration.
Solution
Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround is available as well.
Risk Factor
High
VPR Score
8.9
EPSS Score
0.9439
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.5 (CVSS2#E:H/RL:OF/RC:C)
References
BID 53388
CVE CVE-2012-1823
XREF CERT:520827
XREF CISA-KNOWN-EXPLOITED:2022/04/15
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2012/05/04, Modified: 2025/05/26
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2, X-Powered-By: PHP/5.3.10
Installed version : 5.3.10
Fixed version : 5.3.12 / 5.4.2
142591 - PHP < 7.3.24 Multiple Vulnerabilities
Synopsis
The version of PHP running on the remote web server is affected by multiple vulnerabilities.
Description
According to its self-reported version number, the version of PHP running on the remote web server is prior to 7.3.24. It is, therefore, affected by multiple vulnerabilities.
Solution
Upgrade to PHP version 7.3.24 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
STIG Severity
I
References
XREF IAVA:2020-A-0510-S
Plugin Information
Published: 2020/11/06, Modified: 2025/05/26
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/ (5.3.10 under Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2, X-Powered-By: PHP/5.3.10)
Installed version : 5.3.10
Fixed version : 7.3.24

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
EPSS Score
0.4002
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2009/11/23, Modified: 2025/02/12
Plugin Output

tcp/3389/msrdp


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                    Code        KEX    Auth  Encryption             MAC
----------------------  ----------  -----  ----  ---------------------  ----
DES-CBC3-SHA            0x00, 0x0A  RSA    RSA   3DES-CBC(168)          SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
EPSS Score
0.4002
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2009/11/23, Modified: 2025/02/12
Plugin Output

tcp/4848


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                    Code        KEX    Auth  Encryption             MAC
----------------------  ----------  -----  ----  ---------------------  ----
EDH-RSA-DES-CBC3-SHA    0x00, 0x16  DHE    RSA   3DES-CBC(168)          SHA1
ECDHE-RSA-DES-CBC3-SHA  0xC0, 0x12  ECDHE  RSA   3DES-CBC(168)          SHA1
DES-CBC3-SHA            0x00, 0x0A  RSA    RSA   3DES-CBC(168)          SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
EPSS Score
0.4002
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2009/11/23, Modified: 2025/02/12
Plugin Output

tcp/8181


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                    Code        KEX    Auth  Encryption             MAC
----------------------  ----------  -----  ----  ---------------------  ----
EDH-RSA-DES-CBC3-SHA    0x00, 0x16  DHE    RSA   3DES-CBC(168)          SHA1
ECDHE-RSA-DES-CBC3-SHA  0xC0, 0x12  ECDHE  RSA   3DES-CBC(168)          SHA1
DES-CBC3-SHA            0x00, 0x0A  RSA    RSA   3DES-CBC(168)          SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
EPSS Score
0.4002
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2009/11/23, Modified: 2025/02/12
Plugin Output

tcp/8383/www


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                    Code        KEX    Auth  Encryption             MAC
----------------------  ----------  -----  ----  ---------------------  ----
EDH-RSA-DES-CBC3-SHA    0x00, 0x16  DHE    RSA   3DES-CBC(168)          SHA1
ECDHE-RSA-DES-CBC3-SHA  0xC0, 0x12  ECDHE  RSA   3DES-CBC(168)          SHA1
DES-CBC3-SHA            0x00, 0x0A  RSA    RSA   3DES-CBC(168)          SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

104896 - Security Updates for Internet Explorer (September 2017)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. (CVE-2017-8529)

- A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)

- A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. (CVE-2017-8733)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)

- A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the related rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8741, CVE-2017-8748)

- An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain. (CVE-2017-8736)
Solution
Microsoft has released security updates for the affected versions of Internet Explorer.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.2763
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.6 (CVSS2#E:H/RL:OF/RC:C)
References
BID 98953
BID 100737
BID 100743
BID 100764
BID 100765
BID 100766
BID 100770
BID 100771
CVE CVE-2017-8529
CVE CVE-2017-8733
CVE CVE-2017-8736
CVE CVE-2017-8741
CVE CVE-2017-8747
CVE CVE-2017-8748
CVE CVE-2017-8749
CVE CVE-2017-8750
MSKB 4036586
MSKB 4038792
MSKB 4038799
MSKB 4038777
XREF MSFT:MS17-4036586
XREF MSFT:MS17-4038792
XREF MSFT:MS17-4038799
XREF MSFT:MS17-4038777
Plugin Information
Published: 2017/11/30, Modified: 2025/11/13
Plugin Output

tcp/445/cifs



The following registry key is required to enable the fix for CVE-2017-8529 and is missing.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplore.exe

The following registry key is required to enable the fix for CVE-2017-8529 and is missing.
HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplore.exe
166555 - WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck)
Synopsis
The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability.
Description
The remote system may be in a vulnerable state to CVE-2013-3900 due to missing or misconfigured registry keys:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck

An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host.
Solution
Add and enable registry value EnableCertPaddingCheck:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck

Additionally, on 64-bit OS systems, add and enable registry value EnableCertPaddingCheck:

- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.8023
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2013-3900
XREF CISA-KNOWN-EXPLOITED:2022/07/10
XREF IAVA:2013-A-0227
Plugin Information
Published: 2022/10/26, Modified: 2025/12/17
Plugin Output

tcp/445/cifs



Nessus detected the following potentially insecure registry key configuration:
- Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.
- Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.
99304 - Windows 7 and Windows 2008 R2 April 2017 Security Updates (Petya)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4015546 or cumulative update 4015549. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the open-source libjpeg image processing library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to disclose sensitive information that can be utilized to bypass ASLR security protections. (CVE-2013-6629)

- An information disclosure vulnerability exists in the win32k component due to improper handling of kernel information. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0058)

- Multiple privilege escalation vulnerabilities exist in the Microsoft Graphics Component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0155, CVE-2017-0156)

- A flaw exists in the VBScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website or open a specially crafted document file, to execute arbitrary code. (CVE-2017-0158)

- Multiple flaws exist in Windows Hyper-V Network Switch due to improper validation of input from the guest operating system. A local attacker can exploit these, via a specially crafted application on the guest, to execute arbitrary code on the host system. (CVE-2017-0163, CVE-2017-0180)

- A flaw exists in LDAP due to buffer request lengths not being properly calculated. An unauthenticated, remote attacker can exploit this, via specially crafted traffic sent to a Domain Controller, to run processes with elevated privileges. (CVE-2017-0166)

- An information disclosure vulnerability exists in Windows Hyper-V Network Switch due to improper validation of user-supplied input. A guest attacker can exploit this to disclose sensitive information on the host server. (CVE-2017-0168)

- Multiple denial of service vulnerabilities exist in Windows Hyper-V Network Switch due to improper validation of input from the guest operating system. A local attacker on the guest can exploit these vulnerabilities, via a specially crafted application, to crash the host system. (CVE-2017-0182, CVE-2017-0183)

- A denial of service vulnerability exists in Hyper-V due to improper validation of input from a privileged user on a guest operating system. A local attacker on the guest can exploit this, via a specially crafted application, to cause the host system to crash. (CVE-2017-0184)

- A flaw exists in Windows due to improper handling of objects in memory that allows an attacker to cause a denial of service condition. (CVE-2017-0191)

- An information disclosure vulnerability exists in the Adobe Type Manager Font Driver (ATMFD.dll) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document or visit a malicious web page, to disclose sensitive information. (CVE-2017-0192)

- An arbitrary code execution vulnerability exists in Microsoft Office and Windows WordPad due to improper handling of specially crafted files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a malicious file, to execute arbitrary code in the context of the current user. Note that this vulnerability is being utilized to spread the Petya ransomware. (CVE-2017-0199)

- A memory corruption issue exists in Internet Explorer due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website, to execute arbitrary code. (CVE-2017-0202)

- A privilege escalation vulnerability exists in Internet Explorer due to a failure to properly enforce cross-domain policies. An unauthenticated, remote attacker can exploit this to inject arbitrary content and gain elevated privileges. (CVE-2017-0210)
Solution
Apply Security Only update KB4015546 or Cumulative update KB4015549.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.8
EPSS Score
0.9433
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 63676
BID 97418
BID 97427
BID 97428
BID 97435
BID 97441
BID 97444
BID 97446
BID 97452
BID 97455
BID 97462
BID 97465
BID 97466
BID 97471
BID 97498
BID 97507
BID 97512
CVE CVE-2013-6629
CVE CVE-2017-0058
CVE CVE-2017-0155
CVE CVE-2017-0156
CVE CVE-2017-0158
CVE CVE-2017-0163
CVE CVE-2017-0166
CVE CVE-2017-0168
CVE CVE-2017-0180
CVE CVE-2017-0182
CVE CVE-2017-0183
CVE CVE-2017-0184
CVE CVE-2017-0191
CVE CVE-2017-0192
CVE CVE-2017-0199
CVE CVE-2017-0202
CVE CVE-2017-0210
MSKB 4015546
MSKB 4015549
XREF CERT:921560
XREF EDB-ID:41894
XREF EDB-ID:41934
XREF MSFT:MS17-4015546
XREF MSFT:MS17-4015549
XREF IAVA:2017-A-0110
XREF CISA-KNOWN-EXPLOITED:2022/05/03
XREF CISA-KNOWN-EXPLOITED:2022/06/14
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2017/04/12, Modified: 2025/12/26
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4015549
- 4015546

- C:\Windows\System32\bcrypt.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.23714
102267 - Windows 7 and Windows Server 2008 R2 August 2017 Security Updates
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4034679 or cumulative update 4034664. It is, therefore, affected by multiple vulnerabilities :

- A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets. An attacker who successfully exploited this vulnerability could cause a target computer to become completely unresponsive. A remote unauthenticated attacker could exploit this vulnerability by sending a series of TCP packets to a target system, resulting in a permanent denial of service condition. The update addresses the vulnerability by correcting how the Windows network stack handles NetBIOS traffic. (CVE-2017-0174)

- A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-0250)

- A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-0293)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8593)

- A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search service. An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer. Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer. The security update addresses the vulnerability by correcting how Windows Search handles objects in memory. (CVE-2017-8620)

- An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. (CVE-2017-8624)

- This security update resolves a vulnerability in Windows Error Reporting (WER). The vulnerability could allow elevation of privilege if successfully exploited by an attacker. An attacker who successfully exploited this vulnerability could gain greater access to sensitive information and system functionality. This update corrects the way the WER handles and executes files. (CVE-2017-8633)

- A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8636)

- A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8641)

- A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8653)

- An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8666)

- An information disclosure vulnerability exists when the Volume Manager Extension Driver component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how Volume Manager Extension Driver handles objects in memory. (CVE-2017-8668)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability would gain code execution on the target system. (CVE-2017-8691)
Solution
Apply Security Only update KB4034679 or Cumulative update KB4034664.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.8271
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 98100
BID 100032
BID 100034
BID 100038
BID 100039
BID 100056
BID 100057
BID 100059
BID 100061
BID 100069
BID 100089
BID 100090
BID 100092
CVE CVE-2017-0174
CVE CVE-2017-0250
CVE CVE-2017-0293
CVE CVE-2017-8593
CVE CVE-2017-8620
CVE CVE-2017-8624
CVE CVE-2017-8633
CVE CVE-2017-8636
CVE CVE-2017-8641
CVE CVE-2017-8653
CVE CVE-2017-8666
CVE CVE-2017-8668
CVE CVE-2017-8691
MSKB 4034664
MSKB 4034679
XREF MSFT:MS17-4034664
XREF MSFT:MS17-4034679
Plugin Information
Published: 2017/08/08, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4034664
- 4034679

- C:\Windows\System32\bcrypt.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.23864
105184 - Windows 7 and Windows Server 2008 R2 December 2017 Security Updates
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4054521 or cumulative update 4054518. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
(CVE-2017-11919)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11913)

- A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2017-11885)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)

- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11887, CVE-2017-11906)

- An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site.
(CVE-2017-11927)
Solution
Apply Security Only update KB4054521 or Cumulative update KB4054518.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.7616
CVSS v2.0 Base Score
8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:H/RL:OF/RC:C)
References
BID 102045
BID 102046
BID 102047
BID 102053
BID 102054
BID 102055
BID 102058
BID 102062
BID 102063
BID 102078
BID 102082
BID 102091
BID 102092
BID 102093
BID 102095
CVE CVE-2017-11885
CVE CVE-2017-11886
CVE CVE-2017-11887
CVE CVE-2017-11890
CVE CVE-2017-11894
CVE CVE-2017-11895
CVE CVE-2017-11901
CVE CVE-2017-11903
CVE CVE-2017-11906
CVE CVE-2017-11907
CVE CVE-2017-11912
CVE CVE-2017-11913
CVE CVE-2017-11919
CVE CVE-2017-11927
CVE CVE-2017-11930
MSKB 4054521
MSKB 4054518
XREF MSFT:MS17-4054521
XREF MSFT:MS17-4054518
Plugin Information
Published: 2017/12/12, Modified: 2025/11/12
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4054521
- 4054518

- C:\Windows\system32\tzres.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23949
100058 - Windows 7 and Windows Server 2008 R2 May 2017 Security Updates
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4019263 or cumulative update 4019264. It is, therefore, affected by multiple vulnerabilities :

- A denial of service vulnerability exists in the Windows DNS server when it's configured to answer version queries. An unauthenticated, remote attacker can exploit this, via a malicious DNS query, to cause the DNS server to become nonresponsive. (CVE-2017-0171)

- An information disclosure vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0175)

- An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)

- An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)

- An information disclosure vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0220)

- A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)

- A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.
(CVE-2017-0231)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0267)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0268)

- A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.
(CVE-2017-0269)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0270)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0271)

- A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.
(CVE-2017-0272)

- A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.
(CVE-2017-0273)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0274)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0275)

- An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.
(CVE-2017-0276)

- A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.
(CVE-2017-0277)

- A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.
(CVE-2017-0278)

- A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.
(CVE-2017-0279)

- A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.
(CVE-2017-0280)

- An information disclosure vulnerability exists in the GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted document or visit a specially crafted website, to disclose the contents of memory. (CVE-2017-8552)
Solution
Apply Security Only update KB4019263 or Cumulative update KB4019264.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.9269
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 98097
BID 98102
BID 98103
BID 98110
BID 98111
BID 98127
BID 98173
BID 98259
BID 98260
BID 98261
BID 98263
BID 98264
BID 98265
BID 98266
BID 98267
BID 98268
BID 98270
BID 98271
BID 98272
BID 98273
BID 98274
CVE CVE-2017-0171
CVE CVE-2017-0175
CVE CVE-2017-0213
CVE CVE-2017-0214
CVE CVE-2017-0220
CVE CVE-2017-0222
CVE CVE-2017-0231
CVE CVE-2017-0267
CVE CVE-2017-0268
CVE CVE-2017-0269
CVE CVE-2017-0270
CVE CVE-2017-0271
CVE CVE-2017-0272
CVE CVE-2017-0273
CVE CVE-2017-0274
CVE CVE-2017-0275
CVE CVE-2017-0276
CVE CVE-2017-0277
CVE CVE-2017-0278
CVE CVE-2017-0279
CVE CVE-2017-0280
CVE CVE-2017-8552
MSKB 4019263
MSKB 4019264
XREF MSFT:MS17-4019263
XREF MSFT:MS17-4019264
XREF IAVA:2017-A-0148
XREF CISA-KNOWN-EXPLOITED:2022/08/25
XREF CISA-KNOWN-EXPLOITED:2022/04/18
Exploitable With
Core Impact (true)
Plugin Information
Published: 2017/05/09, Modified: 2025/12/19
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4019264
- 4019263

- C:\Windows\System32\bcrypt.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.23796
104553 - Windows 7 and Windows Server 2008 R2 November 2017 Security Updates
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4048960 or cumulative update 4048957. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11827, CVE-2017-11858)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
(CVE-2017-11837, CVE-2017-11838, CVE-2017-11843, CVE-2017-11846)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11855, CVE-2017-11856, CVE-2017-11869)

- An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to test for the presence of files on disk.
(CVE-2017-11768)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
(CVE-2017-11834)

- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
(CVE-2017-11880)

- An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2017-11832, CVE-2017-11835)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
(CVE-2017-11791)

- An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11847)

- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-11831, CVE-2017-11849, CVE-2017-11853)

- An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page.
(CVE-2017-11848)

- A denial of service vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.
(CVE-2017-11788)

- A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11851, CVE-2017-11852)
Solution
Apply Security Only update KB4048960 or Cumulative update KB4048957.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.4926
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 101703
BID 101705
BID 101709
BID 101711
BID 101715
BID 101716
BID 101721
BID 101722
BID 101725
BID 101726
BID 101729
BID 101736
BID 101737
BID 101739
BID 101740
BID 101741
BID 101742
BID 101751
BID 101753
BID 101755
BID 101762
BID 101763
BID 101764
CVE CVE-2017-11768
CVE CVE-2017-11788
CVE CVE-2017-11791
CVE CVE-2017-11827
CVE CVE-2017-11831
CVE CVE-2017-11832
CVE CVE-2017-11834
CVE CVE-2017-11835
CVE CVE-2017-11837
CVE CVE-2017-11838
CVE CVE-2017-11843
CVE CVE-2017-11846
CVE CVE-2017-11847
CVE CVE-2017-11848
CVE CVE-2017-11849
CVE CVE-2017-11851
CVE CVE-2017-11852
CVE CVE-2017-11853
CVE CVE-2017-11855
CVE CVE-2017-11856
CVE CVE-2017-11858
CVE CVE-2017-11869
CVE CVE-2017-11880
MSKB 4048960
MSKB 4048957
XREF MSFT:MS17-4048957
XREF MSFT:MS17-4048960
Plugin Information
Published: 2017/11/14, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4048960
- 4048957

- C:\Windows\system32\win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23932
103127 - Windows 7 and Windows Server 2008 R2 September 2017 Security Updates
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 4038779 or cumulative update 4038777. It is, therefore, affected by multiple vulnerabilities :

- A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)

- A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.
(CVE-2017-8628)

- An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
(CVE-2017-8675)

- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)

- An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8683)

- An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
(CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, CVE-2017-8684, CVE-2017-8685)

- An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)

- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)

- An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.
The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.
(CVE-2017-8695)

- A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2017-8696)

- A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
(CVE-2017-8699)

- An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8707)

- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)

- An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to open the file. The update addresses the vulnerability by modifying the way that the Windows System Information Console parses XML input.
(CVE-2017-8710)

- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)

- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)

- A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to click a link to the malicious website. (CVE-2017-8733)

- An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.
(CVE-2017-8736)

- A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8741, CVE-2017-8748)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)

- A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)

- An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)
Solution
Apply Security Only update KB4038779 or Cumulative update KB4038777, and refer to the KB article for additional information.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.6601
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
References
BID 98953
BID 100720
BID 100722
BID 100724
BID 100727
BID 100728
BID 100736
BID 100737
BID 100742
BID 100743
BID 100744
BID 100752
BID 100755
BID 100756
BID 100764
BID 100765
BID 100766
BID 100767
BID 100769
BID 100770
BID 100771
BID 100772
BID 100773
BID 100780
BID 100781
BID 100782
BID 100783
BID 100790
BID 100791
BID 100792
BID 100793
BID 100803
BID 100804
CVE CVE-2017-0161
CVE CVE-2017-8529
CVE CVE-2017-8628
CVE CVE-2017-8675
CVE CVE-2017-8676
CVE CVE-2017-8677
CVE CVE-2017-8678
CVE CVE-2017-8679
CVE CVE-2017-8680
CVE CVE-2017-8681
CVE CVE-2017-8682
CVE CVE-2017-8683
CVE CVE-2017-8684
CVE CVE-2017-8685
CVE CVE-2017-8687
CVE CVE-2017-8688
CVE CVE-2017-8695
CVE CVE-2017-8696
CVE CVE-2017-8699
CVE CVE-2017-8707
CVE CVE-2017-8708
CVE CVE-2017-8709
CVE CVE-2017-8710
CVE CVE-2017-8719
CVE CVE-2017-8720
CVE CVE-2017-8733
CVE CVE-2017-8736
CVE CVE-2017-8741
CVE CVE-2017-8747
CVE CVE-2017-8748
CVE CVE-2017-8749
CVE CVE-2017-8750
MSKB 4038779
MSKB 4038777
XREF MSFT:MS17-4038779
XREF MSFT:MS17-4038777
Plugin Information
Published: 2017/09/12, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4038779
- 4038777

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23889

57791 - Apache 2.2.x < 2.2.22 Multiple Vulnerabilities
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
According to its banner, the version of Apache 2.2.x installed on the remote host is prior to 2.2.22. It is, therefore, potentially affected by the following vulnerabilities :

- When configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could cause the web server to proxy requests to arbitrary hosts.
This could allow a remote attacker to indirectly send requests to intranet servers.
(CVE-2011-3368, CVE-2011-4317)

- A heap-based buffer overflow exists when mod_setenvif module is enabled and both a maliciously crafted 'SetEnvIf' directive and a maliciously crafted HTTP request header are used. (CVE-2011-3607)

- A format string handling error can allow the server to be crashed via maliciously crafted cookies.
(CVE-2012-0021)

- An error exists in 'scoreboard.c' that can allow local attackers to crash the server during shutdown.
(CVE-2012-0031)

- An error exists in 'protocol.c' that can allow 'HTTPOnly' cookies to be exposed to attackers through the malicious use of either long or malformed HTTP headers. (CVE-2012-0053)

- An error in the mod_proxy_ajp module when used to connect to a backend server that takes an overly long time to respond could lead to a temporary denial of service. (CVE-2012-4557)

Note that Nessus did not actually test for these flaws, but instead has relied on the version in the server's banner.
Solution
Upgrade to Apache version 2.2.22 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.8429
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 49957
BID 50494
BID 50802
BID 51407
BID 51705
BID 51706
BID 56753
CVE CVE-2011-3368
CVE CVE-2011-3607
CVE CVE-2011-4317
CVE CVE-2012-0021
CVE CVE-2012-0031
CVE CVE-2012-0053
CVE CVE-2012-4557
Plugin Information
Published: 2012/02/02, Modified: 2018/06/29
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2
Installed version : 2.2.21
Fixed version : 2.2.22
64912 - Apache 2.2.x < 2.2.24 Multiple XSS Vulnerabilities
Synopsis
The remote web server is affected by multiple cross-site scripting vulnerabilities.
Description
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.24. It is, therefore, potentially affected by the following cross-site scripting vulnerabilities :

- Errors exist related to the modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp and unescaped hostnames and URIs that could allow cross-site scripting attacks. (CVE-2012-3499)

- An error exists related to the mod_proxy_balancer module's manager interface that could allow cross-site scripting attacks. (CVE-2012-4558)

Note that Nessus did not actually test for these issues, but instead has relied on the version in the server's banner.
Solution
Upgrade to Apache version 2.2.24 or later. Alternatively, ensure that the affected modules are not in use.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.0
EPSS Score
0.2823
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID 58165
CVE CVE-2012-3499
CVE CVE-2012-4558
XREF CWE:20
XREF CWE:74
XREF CWE:79
XREF CWE:442
XREF CWE:629
XREF CWE:711
XREF CWE:712
XREF CWE:722
XREF CWE:725
XREF CWE:750
XREF CWE:751
XREF CWE:800
XREF CWE:801
XREF CWE:809
XREF CWE:811
XREF CWE:864
XREF CWE:900
XREF CWE:928
XREF CWE:931
XREF CWE:990
Plugin Information
Published: 2013/02/27, Modified: 2018/06/29
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2
Installed version : 2.2.21
Fixed version : 2.2.24
68915 - Apache 2.2.x < 2.2.25 Multiple Vulnerabilities
-
Synopsis
The remote web server may be affected by multiple cross-site scripting vulnerabilities.
Description
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.25. It is, therefore, potentially affected by the following vulnerabilities :

- A flaw exists in the 'RewriteLog' function where it fails to sanitize escape sequences from being written to log files, making it potentially vulnerable to arbitrary command execution. (CVE-2013-1862)

- A denial of service vulnerability exists relating to the 'mod_dav' module as it relates to MERGE requests. (CVE-2013-1896)

Note that Nessus did not actually test for these issues, but instead has relied on the version in the server's banner.
See Also
Solution
Upgrade to Apache version 2.2.25 or later. Alternatively, ensure that the affected modules are not in use.
Risk Factor
Medium
CVSS v3.0 Base Score
5.6 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v3.0 Temporal Score
4.9 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.4036
CVSS v2.0 Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
3.8 (CVSS2#E:U/RL:OF/RC:C)
References
BID 59826
BID 61129
CVE CVE-2013-1862
CVE CVE-2013-1896
Plugin Information
Published: 2013/07/16, Modified: 2018/06/29
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2
Installed version : 2.2.21
Fixed version : 2.2.25
73405 - Apache 2.2.x < 2.2.27 Multiple Vulnerabilities
-
Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
According to its banner, the version of Apache 2.2.x running on the remote host is a version prior to 2.2.27. It is, therefore, potentially affected by the following vulnerabilities :

- A flaw exists with the 'mod_dav' module that is caused when tracking the length of CDATA that has leading white space. A remote attacker with a specially crafted DAV WRITE request can cause the service to stop responding. (CVE-2013-6438)

- A flaw exists in 'mod_log_config' module that is caused when logging a cookie that has an unassigned value. A remote attacker with a specially crafted request can cause the service to crash. (CVE-2014-0098)

Note that Nessus did not actually test for these issues, but instead has relied on the version in the server's banner.
See Also
Solution
Upgrade to Apache version 2.2.27 or later. Alternatively, ensure that the affected modules are not in use.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
1.4
EPSS Score
0.474
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 66303
CVE CVE-2013-6438
CVE CVE-2014-0098
Plugin Information
Published: 2014/04/08, Modified: 2018/09/17
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2
Installed version : 2.2.21
Fixed version : 2.2.27
193420 - Apache 2.4.x < 2.4.54 Out-Of-Bounds Read (CVE-2022-28330)
-
Synopsis
The remote web server is affected by an out-of-bounds read vulnerability.
Description
The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by an out-of-bounds read vulnerability as referenced in the 2.4.54 advisory.

- Read beyond bounds in mod_isapi: Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. Acknowledgements: The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Apache version 2.4.54 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
1.4
EPSS Score
0.0019
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-28330
XREF IAVA:2022-A-0230-S
Plugin Information
Published: 2024/04/17, Modified: 2024/04/18
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Installed version : 2.2.21
Fixed version : 2.4.54

177229 - Apache Struts 2.0.0 < 6.1.2.1 Denial of Service (S2-063)
-
Synopsis
Apache Struts installed on the remote host is affected by a denial of service vulnerability.
Description
The version of Apache Struts installed on the remote host is prior to 6.1.2.1. It is, therefore, affected by a vulnerability as referenced in the S2-063 advisory.

- WW-4620 added autoGrowCollectionLimit to XWorkListPropertyAccessor, but it only handles setProperty() and not getProperty(). This could lead to OOM if developer has set CreateIfNull to true for the underlying Collection type field. (CVE-2023-34149)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Apache Struts version 6.1.2.1 or later. Alternatively, apply the workaround as referenced in the vendor's security bulletin.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0098
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-34149
XREF IAVA:2023-A-0287-S
Plugin Information
Published: 2023/06/13, Modified: 2025/11/25
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.5.31
129387 - Apache Struts 2.3.20 < 2.3.29 / 2.5.x < 2.5.13 Denial of Service Vulnerability (S2-041)
-
Synopsis
The remote Windows host contains a web application that uses a Java framework that is affected by a denial of service vulnerability.
Description
The version of Apache Struts running on the remote Windows host is 2.3.20 prior to 2.3.29 or 2.5.x < 2.5.13. It is, therefore, affected by a denial of service vulnerability in URLValidator due to improper handling of form fields. An unauthenticated, remote attacker can exploit this, via a crafted URL, to overload the server when performing validation on the URL.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Apache Struts version 2.3.29 / 2.5.13 or later. Alternatively, apply the workarounds referenced in the vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
1.4
EPSS Score
0.079
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 91278
CVE CVE-2016-4465
Plugin Information
Published: 2019/09/26, Modified: 2022/04/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Installed version : 2.3.20.1
Fixed version : 2.3.29

76572 - Elasticsearch 'source' Parameter RCE
-
Synopsis
The remote web server hosts a Java application that is affected by a remote code execution vulnerability.
Description
The Elasticsearch application hosted on the remote web server is affected by a remote code execution vulnerability due to a failure to properly sanitize user-supplied input to the 'source' parameter of the '/_search' page. A remote, unauthenticated attacker can exploit this flaw to execute arbitrary Java code or manipulate files on the remote host.
See Also
Solution
Upgrade to version 1.2.0 or later.
Risk Factor
Medium
VPR Score
9.4
EPSS Score
0.8556
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.9 (CVSS2#E:H/RL:OF/RC:C)
References
BID 67731
CVE CVE-2014-3120
XREF EDB-ID:33370
XREF EDB-ID:33588
XREF CISA-KNOWN-EXPLOITED:2022/04/15
Exploitable With
Metasploit (true)
Plugin Information
Published: 2014/07/17, Modified: 2022/03/28
Plugin Output

tcp/9200/elasticsearch


Nessus was able to execute the command "System.getProperties()" using the
following request :

http://192.168.122.168:9200/_search?source=%7B%22size%22%3A1%2C%22query%22%3A%7B%22filtered%22%3A%7B%22query%22%3A%7B%22match_all%22%3A%7B%7D%7D%7D%7D%2C%22script_fields%22%3A%7B%22Java%20Properties%22%3A%7B%22script%22%3A%22import%20java.lang.*%3B%5CnSystem.getProperties()%3B%22%7D%7D%7D&callback=jQuery1197701033_2044184969&_=1004215318


This produced the following truncated output (limited to 25 lines) :
101025 - Elasticsearch Unrestricted Access Information Disclosure
-
Synopsis
The search engine running on the remote web server is affected by an information disclosure vulnerability.
Description
The Elasticsearch application running on the remote web server is affected by an information disclosure vulnerability due to a failure to restrict resources via authentication. An unauthenticated, remote attacker can exploit this to disclose sensitive information from the database.
See Also
Solution
Enable native user authentication or integrate with an external user management system such as LDAP and Active Directory.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2017/06/23, Modified: 2017/06/27
Plugin Output

tcp/9200/elasticsearch

Nessus detected an unprotected instance of Elasticsearch with the following indices :







5




11213 - HTTP TRACE / TRACK Methods Allowed
-
Synopsis
Debugging functions are enabled on the remote web server.
Description
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.
See Also
Solution
Disable these HTTP methods. Refer to the plugin output for more information.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.0
EPSS Score
0.6899
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 9506
BID 9561
BID 11604
BID 33374
BID 37995
CVE CVE-2003-1567
CVE CVE-2004-2320
CVE CVE-2010-0386
XREF CERT:288308
XREF CERT:867593
XREF CWE:16
XREF CWE:200
Plugin Information
Published: 2003/01/23, Modified: 2024/04/09
Plugin Output

tcp/8585/www


To disable these methods, add the following lines for each virtual
host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2
support disabling the TRACE method natively via the 'TraceEnable'
directive.

Nessus sent the following TRACE request :

------------------------------ snip ------------------------------
TRACE /Nessus1265479978.html HTTP/1.1
Connection: Close
Host: 192.168.122.168
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------

and received the following response from the remote server :

------------------------------ snip ------------------------------
HTTP/1.1 200 OK
Date: Thu, 12 Feb 2026 04:35:44 GMT
Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: message/http

TRACE /Nessus1265479978.html HTTP/1.1
Connection: Keep-Alive
Host: 192.168.122.168
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------

149392 - KB5003233: Windows 7 and Windows Server 2008 R2 Security Update (May 2021)
-
Synopsis
The remote host is missing one or more security updates.
Description
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released the following security updates to address this issue:
- KB5003228
- KB5003233
Risk Factor
High
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
6.2 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.9
EPSS Score
0.6391
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-24587
CVE CVE-2020-24588
CVE CVE-2020-26144
CVE CVE-2021-26419
CVE CVE-2021-28455
CVE CVE-2021-28476
CVE CVE-2021-31182
CVE CVE-2021-31184
CVE CVE-2021-31186
CVE CVE-2021-31188
CVE CVE-2021-31193
CVE CVE-2021-31194
MSKB 5003228
MSKB 5003233
XREF MSFT:MS21-5003228
XREF MSFT:MS21-5003233
XREF IAVA:2021-A-0223-S
XREF IAVA:2021-A-0222-S
Plugin Information
Published: 2021/05/11, Modified: 2024/11/28
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5003233
- 5003228

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.24596
55802 - MS 2562937: Update Rollup for ActiveX Kill Bits (2562937)
-
Synopsis
The remote Windows host is missing an update that disables selected ActiveX controls.
Description
The remote Windows host is missing a list of kill bits for ActiveX controls that are known to contain vulnerabilities.

If these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose it to various security issues.

Note that the affected controls are from third-party vendors that have asked Microsoft to prevent their controls from being run in Internet Explorer.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
Medium
VPR Score
5.9
EPSS Score
0.0414
CVSS v2.0 Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
4.3 (CVSS2#E:U/RL:ND/RC:C)
References
BID 46930
BID 47643
BID 47695
CVE CVE-2011-0331
CVE CVE-2011-1207
CVE CVE-2011-1827
MSKB 2562937
XREF ICS-ALERT:11-103-01A
Plugin Information
Published: 2011/08/10, Modified: 2022/04/11
Plugin Output

tcp/445/cifs



The kill bit has not been set for the following control :

{B4CB50E4-0309-4906-86EA-10B6641C8392}

Note that Nessus did not check whether there were other kill bits
that have not been set because the "Perform thorough tests" setting
was not enabled when this scan was run.
58335 - MS 2647518: Update Rollup for ActiveX Kill Bits (2647518)
-
Synopsis
The remote Windows host is missing an update that disables selected ActiveX controls.
Description
The remote Windows host is missing a list of kill bits for ActiveX controls that are known to contain vulnerabilities.

If these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose it to various security issues.

Note that the affected controls are from third-party vendors that have asked Microsoft to prevent their controls from being run in Internet Explorer.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
Medium
VPR Score
5.9
EPSS Score
0.0813
CVSS v2.0 Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
3.8 (CVSS2#E:U/RL:OF/RC:C)
References
BID 51184
BID 51448
CVE CVE-2011-1388
CVE CVE-2011-1391
CVE CVE-2011-1392
CVE CVE-2012-0189
MSKB 2647518
Plugin Information
Published: 2012/03/13, Modified: 2022/04/11
Plugin Output

tcp/445/cifs



The kill bit has not been set for the following control :

{ee5e14b0-4abf-409e-9c39-74f3d35bd85a}

Note that Nessus did not check whether there were other kill bits
that have not been set because the "Perform thorough tests" setting
was not enabled when this scan was run.
62466 - MS KB2661254: Update For Minimum Certificate Key Length
-
Synopsis
The remote Windows host is configured to trust SSL/TLS certificates with weak keys.
Description
The remote host is missing Microsoft KB2661254. This update restricts the use of RSA keys less than 1024 bits in length. Keys of shorter lengths are more susceptible to brute-force attacks, which could allow a man-in-the-middle attacker to intercept and/or modify data encrypted over SSL/TLS.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.

Please note this update could cause applications or services (e.g., email, signed applications, private PKI) to stop working in some environments. Refer to the Microsoft advisory for more information.
Risk Factor
Medium
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
References
MSKB 2661254
Plugin Information
Published: 2012/10/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\system32\crypt32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17856
66423 - MS KB2820197: Update Rollup for ActiveX Kill Bits
-
Synopsis
The remote Windows host is missing an update that disables selected ActiveX controls.
Description
The remote Windows host is missing one or more kill bits for ActiveX controls that are known to contain vulnerabilities.

If any of these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose the host to various security issues.

Note that the affected controls are from third-party vendors that have asked Microsoft to prevent their controls from being run in Internet Explorer.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2, 8, and 2012.
Risk Factor
Medium
VPR Score
6.7
EPSS Score
0.6143
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:C)
References
BID 58134
CVE CVE-2013-0108
MSKB 2820197
XREF EDB-ID:24745
XREF ICSA:13-053-02
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2013/05/15, Modified: 2022/04/11
Plugin Output

tcp/445/cifs



The kill bit has not been set for the following control :

{0d080d7d-28d2-4f86-bfa1-d582e5ce4867}

Note that Nessus did not check whether there were other kill bits
that have not been set because the "Perform thorough tests" setting
was not enabled when this scan was run.
69334 - MS KB2862973: Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
-
Synopsis
The remote host is missing an update that improves cryptography and digital certificate handling in Windows.
Description
The remote host is missing Microsoft KB2862973, an update that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. This update increases the difficulty of some spoofing, phishing, and man-in-the-middle attacks.

Note that KB2862966 must also be installed in order for these changes to have any effect.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8 and 2012.
Risk Factor
Medium
CVSS v2.0 Base Score
4.0 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
References
MSKB 2862973
Plugin Information
Published: 2013/08/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs


It appears KB2862973 has not been installed since the following
registry key does not exist and/or does not contain any of the
following values :

HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\default

WeakMd5ThirdPartySha256Allow
WeakMd5ThirdPartyFlags
WeakMd5ThirdPartyAfterTime
70854 - MS KB2868725: Update for Disabling RC4
-
Synopsis
The remote host has a deprecated, weak encryption cipher enabled.
Description
The remote host is missing KB2868725, an update for disabling the weak RC4 cipher suite.
See Also
Solution
Install Microsoft KB2868725.
Risk Factor
Medium
CVSS v2.0 Base Score
4.0 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
References
MSKB 2868725
Plugin Information
Published: 2013/11/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\system32\Schannel.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18270
73992 - MS KB2960358: Update for Disabling RC4 in .NET TLS
-
Synopsis
The remote host has a deprecated, weak encryption cipher available.
Description
The remote host is missing an update for disabling the weak RC4 cipher suite in .NET TLS.

Note that even though .NET Framework 4.6 itself is not affected, any Framework 4.5, 4.5.1, or 4.5.2 application that runs on a system that has 4.6 installed is affected.
See Also
Solution
Microsoft has released a set of security updates for the .NET Framework on Windows 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS v3.0 Base Score
4.2 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
4.0 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
References
MSKB 2960358
Plugin Information
Published: 2015/10/13, Modified: 2019/04/19
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5484
78446 - MS KB2977292: Update for Microsoft EAP Implementation that Enables the Use of TLS
-
Synopsis
The remote host is missing an update that allows TLS versions 1.1 and 1.2 to be used with EAP.
Description
The remote host is missing Microsoft KB2977292. This update allows the latest Transport Layer Security (TLS) versions (1.1 and 1.2) to be used with the Extensible Authentication Protocol (EAP) for more secure authentication. Enabling this functionality requires a registry edit.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
References
MSKB 2977292
Plugin Information
Published: 2014/10/15, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\system32\rastls.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18584
84763 - MS KB3057154: Update to harden use of DES encryption (3057154)
-
Synopsis
The remote Windows host is missing a Microsoft security update.
Description
The remote Windows host is missing KB3057154, which hardens the use of DES encryption for secure communication.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
Medium
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
References
MSKB 3057154
Plugin Information
Published: 2015/07/15, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3057154
- C:\Windows\system32\Kerberos.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18912
87313 - MS KB3119884: Improperly Issued Digital Certificates Could Allow Spoofing
-
Synopsis
The remote Windows host has an out-of-date SSL certificate blacklist.
Description
The remote host is missing KB3119884, KB2677070 (automatic updater), or the latest disallowed certificate update using KB2813430 (manual updater). If KB2677070 has been installed, it has not yet obtained the latest auto-updates.

Note that this plugin checks that the updaters have actually updated the disallowed CTL list, not that the KBs listed are installed. This approach was taken since the KB2677070 automatic updater isn't triggered unless software that relies on SSL in the Microsoft Cryptography API is being actively used on the remote host. This plugin can be manually resolved by importing the latest disallowedcert.sst and disallowedcertstl.cab files into the Certificates console.
See Also
Solution
Ensure that the Microsoft automatic updater for revoked certificates (KB2677070) is installed and running. Alternatively, install the manual updater (KB2813430).
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS v2.0 Temporal Score
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
MSKB 3119884
XREF CERT:870761
XREF IAVA:2015-A-0307-S
XREF CERT:925497
Plugin Information
Published: 2015/12/10, Modified: 2022/02/28
Plugin Output

tcp/445/cifs


The remote host is missing KB2677070 / KB2813430 or the
Rvkroots.exe update package.
87252 - MS KB3123040: Improperly Issued Digital Certificates Could Allow Spoofing
-
Synopsis
The remote Windows host has an out-of-date SSL certificate blacklist.
Description
The remote host is missing KB3046310, KB2677070 (automatic updater), or the latest disallowed certificate update using KB2813430 (manual updater). If KB2677070 has been installed, it has not yet obtained the latest auto-updates.

Note that this plugin checks that the updaters have actually updated the disallowed CTL list, not that the KBs listed are installed. This approach was taken since the KB2677070 automatic updater isn't triggered unless software that relies on SSL in the Microsoft Cryptography API is being actively used on the remote host. This plugin can be manually resolved by importing the latest disallowedcert.sst and disallowedcertstl.cab files into the Certificates console.
See Also
Solution
Ensure that the Microsoft automatic updater for revoked certificates (KB2677070) is installed and running.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
References
MSKB 3123040
Plugin Information
Published: 2015/12/08, Modified: 2022/02/28
Plugin Output

tcp/445/cifs


The remote host is missing KB2677070 / KB2813430 or the
Rvkroots.exe update package.
87875 - MS KB3123479: Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program
Synopsis
The remote Windows host is missing an update that improves cryptography and digital certificate handling.
Description
The remote Windows host is missing Microsoft KB3123479, an update that restricts the use of certificates with SHA1 hashes, this restriction being limited to certificates issued under roots in the Microsoft root certificate program. This update increases the difficulty of carrying out some spoofing, phishing, and man-in-the-middle attacks.
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS v3.0 Base Score
4.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
4.0 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
STIG Severity
I
References
MSKB 3123479
XREF IAVB:2016-B-0018-S
Plugin Information
Published: 2016/01/12, Modified: 2021/06/03
Plugin Output

tcp/445/cifs


It appears KB3123479 has not been installed since the following
registry key does not exist and/or does not contain any of the following values :

HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\default

WeakSha1ThirdPartyFlags
WeakSha1ThirdPartyAfterTime
51909 - MS11-009: Vulnerability in JScript and VBScript Scripting Engine Could Allow Information Disclosure (2475792)
Synopsis
An information disclosure vulnerability exists in the JScript and VBScript engines.
Description
The installed versions of the VBScript and JScript Scripting Engines allow an attacker to obtain sensitive information by enticing a user into visiting a specially crafted website.
Solution
Microsoft has released a set of patches for Windows 7 and 2008 R2.
Risk Factor
Medium
VPR Score
2.7
EPSS Score
0.3467
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID 46139
CVE CVE-2011-0031
MSKB 2475792
XREF MSFT:MS11-009
Plugin Information
Published: 2011/02/08, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2475792
- C:\Windows\system32\Jscript.dll has not been patched.
Remote version : 5.8.7601.17514
Should be : 5.8.7601.17535
53383 - MS11-026: Vulnerability in MHTML Could Allow Information Disclosure (2503658)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
A flaw exists in the way MHTML interprets MIME-formatted requests for content blocks within a document. An attacker, exploiting this flaw, could cause a victim to run malicious scripts when visiting various web sites, resulting in information disclosure.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
Medium
VPR Score
6.2
EPSS Score
0.7014
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID 46055
CVE CVE-2011-0096
MSKB 2503658
XREF CERT:326549
XREF EDB-ID:16071
XREF Secunia:43093
XREF MSFT:MS11-026
Plugin Information
Published: 2011/04/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2503658
- C:\Windows\system32\Inetcomm.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17574
53384 - MS11-027: Cumulative Security Update of ActiveX Kill Bits (2508272)
Synopsis
The remote Windows host is missing an update that disables selected ActiveX controls.
Description
The remote Windows host has one or more ActiveX controls installed that could be abused to execute arbitrary code remotely if a user can be tricked into viewing a malicious web page using Internet Explorer.

Three of these controls are from Microsoft itself while the others are from third-party vendors that have asked Microsoft to prevent their controls from being run in Internet Explorer.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
Medium
VPR Score
9.4
EPSS Score
0.7835
CVSS v2.0 Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
4.4 (CVSS2#E:H/RL:OF/RC:C)
References
BID 40490
BID 40689
BID 45546
BID 47091
BID 47197
CVE CVE-2010-0811
CVE CVE-2010-2193
CVE CVE-2010-3973
CVE CVE-2011-1205
CVE CVE-2011-1243
MSKB 2508272
XREF CERT:725596
XREF MSFT:MS11-027
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2011/04/13, Modified: 2022/04/11
Plugin Output

tcp/445/cifs



The kill bit has not been set for the following control :

{1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1}

Note that Nessus did not check whether there were other kill bits
that have not been set because the "Perform thorough tests" setting
was not enabled when this scan was run.
55117 - MS11-037: Vulnerability in MHTML Could Allow Information Disclosure (2544893)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
A flaw exists in the way MHTML interprets MIME-formatted requests for content blocks within a document. By exploiting the flaw, an attacker could cause a victim to run malicious scripts when visiting various websites that could result in information disclosure.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
Medium
VPR Score
6.2
EPSS Score
0.2011
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 48205
CVE CVE-2011-1894
MSKB 2544893
XREF MSFT:MS11-037
XREF IAVB:2011-B-0065
Plugin Information
Published: 2011/06/15, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2544893
- C:\Windows\system32\Inetcomm.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17609
55572 - MS11-056: Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)
Synopsis
Users can elevate their privileges on the remote host.
Description
The remote host allows elevation of privileges in its Windows Client/Server run-time subsystem (CSRSS). An attacker could exploit these vulnerabilities to run arbitrary code in kernel mode. The attacker must have valid login credentials and be able to log on locally in order to exploit these vulnerabilities.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
Medium
VPR Score
7.4
EPSS Score
0.0312
CVSS v2.0 Base Score
6.2 (CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.1 (CVSS2#E:F/RL:OF/RC:C)
References
BID 48588
BID 48598
BID 48604
BID 48605
BID 48606
CVE CVE-2011-1281
CVE CVE-2011-1282
CVE CVE-2011-1283
CVE CVE-2011-1284
CVE CVE-2011-1870
MSKB 2507938
XREF MSFT:MS11-056
Exploitable With
Core Impact (true)
Plugin Information
Published: 2011/07/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2507938
- C:\Windows\system32\Winsrv.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17617
55799 - MS11-069: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
Synopsis
The Microsoft .NET Framework installation on the remote host is affected by an improper validation vulnerability.
Description
The remote Windows host is running a version of the Microsoft .NET Framework that improperly validates the trust level within the System.Net.Sockets namespace. A remote attacker could exploit this issue by tricking a user into viewing a specially crafted XML file, resulting in information disclosure or partial denial of service.
Solution
Microsoft has released a set of patches for .NET Framework 2.0, 3.5.1, and 4.
Risk Factor
Medium
VPR Score
3.4
EPSS Score
0.1861
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)
CVSS v2.0 Temporal Score
4.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 48991
CVE CVE-2011-1978
MSKB 2539631
MSKB 2539633
MSKB 2539634
MSKB 2539635
MSKB 2539636
XREF MSFT:MS11-069
Plugin Information
Published: 2011/08/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5447
57474 - MS12-006: Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
Synopsis
It may be possible to obtain sensitive information from the remote Windows host using the Secure Channel security package.
Description
The remote host is affected by an information disclosure vulnerability, known as BEAST, in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API.

TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
Solution
Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
Medium
VPR Score
2.9
EPSS Score
0.0462
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 49778
CVE CVE-2011-3389
MSKB 2585542
MSKB 2638806
XREF CERT:864643
XREF MSFT:MS12-006
XREF IAVB:2012-B-0006
XREF CEA-ID:CEA-2019-0547
Plugin Information
Published: 2012/01/10, Modified: 2022/12/05
Plugin Output

tcp/445/cifs



KB : 2585542
- C:\Windows\system32\Schannel.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17725
58330 - MS12-018: Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)
Synopsis
The remote Windows kernel is affected by a privilege escalation vulnerability.
Description
The remote Windows host contains a flaw in the way the kernel-mode driver manages the PostMessage function. This flaw could allow an attacker to run arbitrary code in kernel mode.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
Medium
VPR Score
5.9
EPSS Score
0.0159
CVSS v2.0 Base Score
6.6 (CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
4.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 52317
CVE CVE-2012-0157
MSKB 2641653
XREF MSFT:MS12-018
Plugin Information
Published: 2012/03/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2641653
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17772
59040 - MS12-032: Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)
Synopsis
The remote Windows host has multiple elevation of privilege vulnerabilities.
Description
The remote Windows host is affected by multiple elevation of privilege vulnerabilities :

- A flaw in the way outbound broadcast packets are handled could be utilized by an attacker to bypass the Windows Firewall defense-in-depth mechanism. (CVE-2012-0174)

- The TCP/IP stack is susceptible to an elevation of privilege vulnerability that is caused when the Windows TCP/IP stack fails to properly handle the binding of IPv6 addresses. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with administrator privileges. (CVE-2012-0179)
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, and 2008 R2.
Risk Factor
Medium
VPR Score
5.8
EPSS Score
0.0096
CVSS v2.0 Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.1 (CVSS2#E:U/RL:OF/RC:C)
References
BID 53349
BID 53352
CVE CVE-2012-0174
CVE CVE-2012-0179
MSKB 2688338
XREF MSFT:MS12-032
Plugin Information
Published: 2012/05/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2688338
- C:\Windows\system32\drivers\tcpip.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17802
59041 - MS12-033: Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)
Synopsis
The remote Windows host has an elevation of privilege vulnerability.
Description
The remote Windows host has an elevation of privilege vulnerability due to a flaw in the way the Windows Partition Manager handles device relations requests. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with administrator privileges.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, and 2008 R2.
Risk Factor
Medium
VPR Score
5.9
EPSS Score
0.0048
CVSS v2.0 Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.1 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 53378
CVE CVE-2012-0178
MSKB 2690533
XREF MSFT:MS12-033
XREF IAVB:2012-B-0052
Plugin Information
Published: 2012/05/09, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2690533
- C:\Windows\system32\drivers\partmgr.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17796
59912 - MS12-049: Vulnerability in TLS Could Allow Information Disclosure (2655992)
Synopsis
The remote Windows host has an information disclosure vulnerability.
Description
A design flaw in the CBC mode of operation on the TLS protocol can allow encrypted TLS traffic to be decrypted. This vulnerability could allow for the decryption of HTTPS traffic by an unauthorized third party.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
Medium
VPR Score
1.4
EPSS Score
0.0974
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 54304
CVE CVE-2012-1870
MSKB 2655992
XREF MSFT:MS12-049
XREF IAVA:2012-A-0108
Plugin Information
Published: 2012/07/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2655992
- C:\Windows\system32\Schannel.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17856
62464 - MS12-069: Vulnerability in Kerberos Could Allow Denial of Service (2743555)
Synopsis
The remote implementation of Kerberos is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a vulnerability that could result in a denial of service if a remote attacker sends a specially crafted session request to the Kerberos server.
Solution
Microsoft has released a set of patches for Windows 7 and 2008 R2.
Risk Factor
Medium
VPR Score
3.6
EPSS Score
0.6133
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 55778
CVE CVE-2012-2551
MSKB 2743555
XREF MSFT:MS12-069
XREF IAVB:2012-B-0103
Plugin Information
Published: 2012/10/10, Modified: 2019/12/04
Plugin Output

tcp/445/cifs



KB : 2743555
- C:\Windows\system32\kerberos.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17926
63230 - MS12-083: Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
Synopsis
The remote Windows host is affected by a security feature bypass vulnerability.
Description
A security feature bypass vulnerability exists in Windows due to the way the IP-HTTPS Component handles certificates. The vulnerability could allow security feature bypass if an attacker presents a revoked certificate to an IP-HTTPS server commonly used in Microsoft DirectAccess deployments. To exploit the vulnerability, the attacker must use a certificate issued from the domain for IP-HTTPS server authentication.

Successful exploitation of this vulnerability could allow the attacker to bypass certificate validation checks. Logging on to a system inside the organization would still require system or domain credentials.
Solution
Microsoft has released a set of patches for Windows 2008 R2 and 2012.
Risk Factor
Medium
VPR Score
3.7
EPSS Score
0.0914
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS v2.0 Temporal Score
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 56840
CVE CVE-2012-2549
MSKB 2765809
XREF MSFT:MS12-083
XREF IAVB:2012-B-0122
Plugin Information
Published: 2012/12/11, Modified: 2019/12/04
Plugin Output

tcp/445/cifs



KB : 2765809
- C:\Windows\system32\iphlpsvc.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.17989
64577 - MS13-016: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344)
Synopsis
The Windows kernel on the remote host is affected by multiple race condition vulnerabilities.
Description
The Windows kernel on the remote host has several race condition vulnerabilities. A local attacker could exploit any of these vulnerabilities to elevate privileges.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
Medium
VPR Score
3.6
EPSS Score
0.0059
CVSS v2.0 Base Score
4.9 (CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N)
CVSS v2.0 Temporal Score
3.6 (CVSS2#E:U/RL:OF/RC:C)
References
BID 57786
BID 57791
BID 57792
BID 57793
BID 57794
BID 57795
BID 57796
BID 57797
BID 57798
BID 57799
BID 57800
BID 57801
BID 57802
BID 57803
BID 57804
BID 57805
BID 57806
BID 57807
BID 57808
BID 57809
BID 57810
BID 57811
BID 57812
BID 57813
BID 57814
BID 57815
BID 57816
BID 57817
BID 57818
BID 57819
CVE CVE-2013-1248
CVE CVE-2013-1249
CVE CVE-2013-1250
CVE CVE-2013-1251
CVE CVE-2013-1252
CVE CVE-2013-1253
CVE CVE-2013-1254
CVE CVE-2013-1255
CVE CVE-2013-1256
CVE CVE-2013-1257
CVE CVE-2013-1258
CVE CVE-2013-1259
CVE CVE-2013-1260
CVE CVE-2013-1261
CVE CVE-2013-1262
CVE CVE-2013-1263
CVE CVE-2013-1264
CVE CVE-2013-1265
CVE CVE-2013-1266
CVE CVE-2013-1267
CVE CVE-2013-1268
CVE CVE-2013-1269
CVE CVE-2013-1270
CVE CVE-2013-1271
CVE CVE-2013-1272
CVE CVE-2013-1273
CVE CVE-2013-1274
CVE CVE-2013-1275
CVE CVE-2013-1276
CVE CVE-2013-1277
MSKB 2778344
XREF MSFT:MS13-016
Plugin Information
Published: 2013/02/12, Modified: 2019/12/04
Plugin Output

tcp/445/cifs



KB : 2778344
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18043
65878 - MS13-031: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170)
Synopsis
The Windows kernel on the remote host is affected by multiple vulnerabilities.
Description
The Windows kernel on the remote host is affected by multiple race condition vulnerabilities that occur when the Windows kernel improperly handles objects in memory.

A local attacker could exploit any of these vulnerabilities to elevate privileges.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
Medium
VPR Score
3.6
EPSS Score
0.0022
CVSS v2.0 Base Score
4.9 (CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N)
CVSS v2.0 Temporal Score
3.6 (CVSS2#E:U/RL:OF/RC:C)
References
BID 58861
BID 58862
CVE CVE-2013-1284
CVE CVE-2013-1294
MSKB 2813170
XREF MSFT:MS13-031
Plugin Information
Published: 2013/04/10, Modified: 2019/11/27
Plugin Output

tcp/445/cifs



KB : 2813170
- C:\Windows\system32\Ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18113
65883 - MS13-036: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2829996)
Synopsis
The Windows kernel on the remote host is affected by multiple vulnerabilities.
Description
The Windows kernel on the remote host has the following vulnerabilities :

- Multiple race condition vulnerabilities exist. (CVE-2013-1283, CVE-2013-1292)

- A font parsing vulnerability exists. (CVE-2013-1291)

- An NTFS NULL pointer dereference vulnerability exists. (CVE-2013-1293)

A local attacker could exploit any of these vulnerabilities to elevate privileges.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
Medium
VPR Score
6.7
EPSS Score
0.1793
CVSS v2.0 Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.7 (CVSS2#E:F/RL:OF/RC:C)
References
BID 58853
BID 58858
BID 58859
BID 58860
CVE CVE-2013-1283
CVE CVE-2013-1291
CVE CVE-2013-1292
CVE CVE-2013-1293
MSKB 2808735
MSKB 2840149
XREF MSFT:MS13-036
Exploitable With
Core Impact (true)
Plugin Information
Published: 2013/04/10, Modified: 2019/11/27
Plugin Output

tcp/445/cifs



KB : 2808735
- C:\Windows\system32\Win32k.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18105

KB : 2840149
- C:\Windows\system32\drivers\Ntfs.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18127
69836 - MS13-077: Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)
Synopsis
The remote host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is potentially affected by a privilege escalation vulnerability in the Windows Service Control Manager.
Solution
Microsoft has released a set of patches for Windows 7 and 2008 R2.
Risk Factor
Medium
VPR Score
5.9
EPSS Score
0.0046
CVSS v2.0 Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.1 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 62182
CVE CVE-2013-3862
MSKB 2872339
XREF MSFT:MS13-077
XREF IAVB:2013-B-0103
Plugin Information
Published: 2013/09/11, Modified: 2019/11/27
Plugin Output

tcp/445/cifs



KB : 2872339
- C:\Windows\system32\kernel32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18229
70851 - MS13-093: Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)
Synopsis
The remote Windows host contains a driver that allows information disclosure.
Description
The remote Windows host contains a version of the Ancillary Function Driver (afd.sys) that has a flaw that could allow a local attacker to obtain information from a higher privileged account.
Solution
Microsoft has released a set of patches for Windows XP x64, 2003, Vista, 2008 SP2, 7, 2008 R2, 8, and 2012.
Risk Factor
Medium
VPR Score
4.2
EPSS Score
0.0043
CVSS v2.0 Base Score
4.9 (CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N)
CVSS v2.0 Temporal Score
3.6 (CVSS2#E:U/RL:OF/RC:C)
References
BID 63545
CVE CVE-2013-3887
MSKB 2875783
XREF MSFT:MS13-093
Plugin Information
Published: 2013/11/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2875783
- C:\Windows\system32\drivers\Afd.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18272
70853 - MS13-095: Vulnerability in Digital Signatures Could Allow Denial of Service (2868626)
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a denial of service vulnerability due to the way affected web services process specially crafted X.509 certificates. By exploiting this flaw, a remote, unauthenticated attacker could crash the affected service.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008 SP2, 7, 2008 R2, 8, 2012, 8.1 and 2012 R2.
Risk Factor
Medium
VPR Score
3.6
EPSS Score
0.0806
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 63561
CVE CVE-2013-3869
MSKB 2868626
XREF MSFT:MS13-095
XREF IAVB:2013-B-0128
Plugin Information
Published: 2013/11/13, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2868626
- C:\Windows\system32\crypt32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18277
73416 - MS14-019: Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229)
Synopsis
The remote Windows host is potentially affected by a remote code execution vulnerability.
Description
The remote Windows host is potentially affected by a vulnerability in the way that Windows processes .bat and .cmd files that could allow remote code execution if a user is convinced to run a specially crafted .bat or .cmd file. When exploiting this vulnerability, an attacker could gain the same user permissions as the current user.
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
VPR Score
6.7
EPSS Score
0.2964
CVSS v2.0 Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.1 (CVSS2#E:U/RL:OF/RC:C)
References
BID 66619
CVE CVE-2014-0315
MSKB 2922229
XREF MSFT:MS14-019
Plugin Information
Published: 2014/04/08, Modified: 2019/11/26
Plugin Output

tcp/445/cifs



KB : 2922229
- C:\Windows\system32\kernel32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18409
74423 - MS14-031: Vulnerability in TCP Protocol Could Allow Denial of Service (2962478)
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a denial of service vulnerability due to the Windows TCP/IP stack improperly handling certain traffic. An attacker could exploit this vulnerability by sending a sequence of specially crafted TCP packets to cause a target system to stop responding until it is restarted.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
VPR Score
5.1
EPSS Score
0.3342
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
BID 67888
CVE CVE-2014-1811
MSKB 2957189
MSKB 2961858
XREF MSFT:MS14-031
XREF IAVA:2014-A-0081
Exploitable With
Core Impact (true)
Plugin Information
Published: 2014/06/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2957189
- C:\Windows\system32\drivers\tcpip.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18438
74425 - MS14-033: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2966061)
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote host contains a version of Microsoft XML Core Services that is affected by an information disclosure vulnerability. An attacker could exploit this issue by convincing a user to visit a specially crafted website, allowing the attacker to read files on the local user's file system or the content of web domains where the user is currently authenticated.
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1 and 2012 R2.
Risk Factor
Medium
VPR Score
2.7
EPSS Score
0.1085
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID 67895
CVE CVE-2014-1816
MSKB 2939576
MSKB 2957482
MSKB 2966631
XREF MSFT:MS14-033
Plugin Information
Published: 2014/06/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 2939576
- C:\Windows\system32\Msxml3.dll has not been patched.
Remote version : 8.110.7601.17514
Should be : 8.110.7601.18431
77164 - MS14-046: Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)
Synopsis
The version of the .NET Framework installed on the remote host is affected by a security feature bypass vulnerability.
Description
The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability that could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.
Solution
Microsoft has released a set of patches for .NET Framework 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1.
Risk Factor
Medium
VPR Score
2.5
EPSS Score
0.1696
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 69145
CVE CVE-2014-4062
MSKB 2937608
MSKB 2943344
MSKB 2966825
MSKB 2966827
MSKB 2966826
MSKB 2966828
MSKB 2937610
MSKB 2943357
XREF MSFT:MS14-046
XREF IAVA:2014-A-0128-S
Plugin Information
Published: 2014/08/12, Modified: 2020/05/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.xml.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5483
77573 - MS14-053: Vulnerability in .NET Framework Could Allow Denial of Service (2990931)
Synopsis
The version of the .NET Framework installed on the remote host is affected by a denial of service vulnerability.
Description
The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability that allows a remote attacker to cause a denial of service by sending specially crafted requests to an ASP.NET web application running on the affected system.

Note that ASP.NET is not installed by default and ASP.NET must be registered and enabled for the host to be affected.
Solution
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and 4.5.2.
Risk Factor
Medium
VPR Score
3.6
EPSS Score
0.3963
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 69603
CVE CVE-2014-4072
MSKB 2972207
MSKB 2972211
MSKB 2972212
MSKB 2972213
MSKB 2972214
MSKB 2972215
MSKB 2972216
MSKB 2973112
MSKB 2973113
MSKB 2973114
MSKB 2973115
MSKB 2974268
MSKB 2974269
MSKB 2977765
MSKB 2977766
XREF MSFT:MS14-053
Plugin Information
Published: 2014/09/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.runtime.serialization.dll has not been patched.
Remote version : 4.0.30319.18408
Should be : 4.0.30319.34234

- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5485
79131 - MS14-071: Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a vulnerability in the Windows Audio service component that allows privilege escalation. A remote attacker could exploit this vulnerability to elevate privileges but not execute code.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
VPR Score
2.7
EPSS Score
0.0737
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 70978
CVE CVE-2014-6322
MSKB 3005607
XREF MSFT:MS14-071
XREF IAVA:2014-A-0169
Plugin Information
Published: 2014/11/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3005607
- C:\Windows\system32\audiosrv.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18619
79134 - MS14-074: Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)
Synopsis
The remote Windows host is affected by a security bypass vulnerability.
Description
The remote Windows host is running Remote Desktop Protocol, which does not properly log failed logon attempts, thus allowing attackers to bypass the audit logon security feature.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
VPR Score
4.5
EPSS Score
0.316
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 70981
CVE CVE-2014-6318
MSKB 3003743
XREF MSFT:MS14-074
XREF IAVB:2014-B-0148
Plugin Information
Published: 2014/11/12, Modified: 2019/11/25
Plugin Output

tcp/445/cifs



KB : 3003743
- C:\Windows\system32\Adtschema.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.18637
79834 - MS14-085: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The version of the Microsoft Graphics Component installed on the remote host is affected by an information disclosure vulnerability due to the way JPEG content is decoded. A remote attacker can exploit this vulnerability by convincing a user to browse to a website containing specially crafted JPEG content, resulting in the disclosure of information that can aid in further attacks.
See Also
Solution
Microsoft has released a set of patches for Windows Server 2003, Vista, Server 2008, 7, Server 2008 R2, 8, 8.1, Server 2012, and Server 2012 R2.
Risk Factor
Medium
VPR Score
5.7
EPSS Score
0.1329
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
4.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID 71502
CVE CVE-2014-6355
MSKB 3013126
XREF MSFT:MS14-085
Plugin Information
Published: 2014/12/09, Modified: 2019/11/25
Plugin Output

tcp/445/cifs



KB : 3013126
- C:\Windows\system32\WindowsCodecs.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18658
80494 - MS15-005: Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (3022777)
Synopsis
The remote Windows host is affected by a security bypass vulnerability.
Description
The Network Location Awareness (NLA) service on the remote host is affected by a security bypass vulnerability due to a failure to validate whether it is connected to a trusted domain or an untrusted network. This could cause the system to unintentionally configure applications insecurely (e.g. the firewall policy) when connecting to an untrusted network. An attacker on the same network can exploit this by spoofing responses to DNS or LDAP requests made by the targeted system.

Note that Microsoft has no plans to release an update for Windows 2003 even though it is affected by this vulnerability.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
VPR Score
3.5
EPSS Score
0.128
CVSS v2.0 Base Score
6.1 (CVSS2#AV:A/AC:L/Au:N/C:N/I:C/A:N)
CVSS v2.0 Temporal Score
4.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 71930
CVE CVE-2015-0006
MSKB 3022777
XREF MSFT:MS15-005
XREF IAVB:2015-B-0004
Plugin Information
Published: 2015/01/13, Modified: 2019/11/25
Plugin Output

tcp/445/cifs



KB : 3022777
- C:\Windows\system32\Nlasvc.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18685
81269 - MS15-016: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The version of Microsoft's Graphics Component installed on the remote host is affected by an information disclosure vulnerability due to improperly handled uninitialized memory when parsing specially crafted TIFF image format files. A remote attacker can exploit this vulnerability by convincing a user to browse to a website containing specially crafted TIFF image content, resulting in the disclosure of information.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
VPR Score
3.4
EPSS Score
0.2256
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID 72456
CVE CVE-2015-0061
MSKB 3029944
XREF MSFT:MS15-016
Plugin Information
Published: 2015/02/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3029944
- C:\Windows\system32\WindowsCodecs.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18716
81738 - MS15-024: Vulnerability in PNG Processing Could Allow Information Disclosure (3035132)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is affected by an information disclosure vulnerability due to improperly handled uninitialized memory when parsing specially crafted PNG image format files. A remote attacker can exploit this vulnerability by convincing a user to visit a website containing specially crafted PNG image content, resulting in the disclosure of information.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
VPR Score
3.5
EPSS Score
0.1039
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 72909
CVE CVE-2015-0080
MSKB 3035132
XREF MSFT:MS15-024
XREF IAVB:2015-B-0036
Plugin Information
Published: 2015/03/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3035132
- C:\Windows\system32\WindowsCodecs.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18741
81743 - MS15-029: Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure (3035126)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The version of Microsoft's Photo Decoder Component installed on the remote Windows host is affected by an information disclosure vulnerability due to improperly handled uninitialized memory when parsing specially crafted JPEG XR (.JXR) image format files. A remote attacker can exploit this vulnerability by convincing a user to visit a website containing specially crafted JPEG image content, resulting in the disclosure of information.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
VPR Score
5.7
EPSS Score
0.095
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 72918
CVE CVE-2015-0076
MSKB 3035126
XREF MSFT:MS15-029
XREF IAVB:2015-B-0034
Plugin Information
Published: 2015/03/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3035126
- C:\Windows\system32\wmphoto.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18742
81745 - MS15-031: Vulnerability in Schannel Could Allow Security Feature Bypass (3046049) (FREAK)
Synopsis
The remote Windows host is affected by a security feature bypass vulnerability.
Description
The remote Windows host is affected by a security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
VPR Score
4.4
EPSS Score
0.4372
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID 72965
CVE CVE-2015-1637
MSKB 3046049
XREF CERT:243585
XREF MSFT:MS15-031
Plugin Information
Published: 2015/03/10, Modified: 2019/11/22
Plugin Output

tcp/445/cifs



KB : 3046049
- C:\Windows\system32\schannel.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18779
82775 - MS15-039: Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482)
Synopsis
The remote host is affected by a security bypass vulnerability.
Description
The remote host contains a version of Microsoft XML Core Services (MSXML) that is affected by a same-origin policy security bypass vulnerability. A remote attacker can exploit this vulnerability by convincing a user to click a specially crafted link, resulting in the disclosure of sensitive user information, such as credentials and arbitrary files.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, and 2008 R2.
Risk Factor
Medium
VPR Score
3.4
EPSS Score
0.2807
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
BID 74009
CVE CVE-2015-1646
MSKB 3046482
XREF MSFT:MS15-039
Plugin Information
Published: 2015/04/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3046482
- C:\Windows\system32\Msxml3.dll has not been patched.
Remote version : 8.110.7601.17514
Should be : 8.110.7601.18782
83355 - MS15-050: Vulnerability in Service Control Manager Could Allow Elevation of Privilege (3055642)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability in Windows Service Control Manager (SCM) due to improper verification of impersonation levels. A local attacker can exploit this, via a specially crafted application, to escalate their privileges and make calls to SCM for which they lack sufficient privilege.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
VPR Score
5.9
EPSS Score
0.0227
CVSS v2.0 Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.1 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 74492
CVE CVE-2015-1702
MSKB 3055642
XREF MSFT:MS15-050
XREF IAVA:2015-A-0107
Plugin Information
Published: 2015/05/12, Modified: 2019/11/22
Plugin Output

tcp/445/cifs



KB : 3055642
- C:\Windows\system32\services.exe has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.18829
83360 - MS15-055: Vulnerability in Schannel Could Allow Information Disclosure (3061518)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is affected by an information disclosure vulnerability due to Secure Channel (Schannel) allowing the use of a weak Diffie-Hellman ephemeral (DHE) key length of 512 bits in an encrypted TLS session. Usage of weak keys can result in vulnerable key exchanges that are susceptible to various attacks.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
VPR Score
4.2
EPSS Score
0.1748
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 74489
CVE CVE-2015-1716
MSKB 3061518
XREF MSFT:MS15-055
Plugin Information
Published: 2015/05/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3061518
- C:\Windows\system32\schannel.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18843
84057 - MS15-063: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by a privilege escalation vulnerability due to improper validation of user-supplied input to the Microsoft Windows LoadLibrary. A remote attacker can exploit this vulnerability by convincing a user to place a specially crafted dynamic linked library (dll) file in a local directory or network share, and then by convincing a user to run an application that uses the malicious library, resulting in an elevation of privilege to full administrative rights.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
Medium
VPR Score
5.9
EPSS Score
0.0314
CVSS v2.0 Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.1 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 75004
CVE CVE-2015-1758
MSKB 3063858
XREF MSFT:MS15-063
XREF IAVA:2015-A-0122
Plugin Information
Published: 2015/06/09, Modified: 2019/11/22
Plugin Output

tcp/445/cifs



KB : 3063858
- C:\Windows\system32\kernel32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18847
84745 - MS15-074: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630)
Synopsis
The remote Windows host is affected by a privilege escalation vulnerability.
Description
The version of Windows Installer Service installed on the remote Windows host is missing Cumulative Security Update 3072630. It is, therefore, affected by an elevation of privilege vulnerability in the Windows Installer service due to improperly running customized action scripts. A local attacker, using specially crafted code that gets executed by a vulnerable .msi package, can exploit this vulnerability to gain elevated privileges.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.
Risk Factor
Medium
VPR Score
5.9
EPSS Score
0.0068
CVSS v2.0 Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.1 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2015-2371
MSKB 3072630
XREF MSFT:MS15-074
Plugin Information
Published: 2015/07/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3072630
- C:\Windows\system32\msi.dll has not been patched.
Remote version : 5.0.7601.17514
Should be : 5.0.7601.18896
84741 - MS15-075: Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)
Synopsis
The remote Windows host is affected by multiple elevation of privilege vulnerabilities.
Description
Multiple elevation of privilege vulnerabilities exist in Microsoft Windows OLE due to a failure to properly validate user input. An attacker can exploit these, in conjunction with other vulnerabilities, to execute arbitrary code on an affected system with the permissions of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Medium
VPR Score
4.4
EPSS Score
0.1367
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2015-2416
CVE CVE-2015-2417
MSKB 3072633
XREF MSFT:MS15-075
XREF IAVA:2015-A-0169
Plugin Information
Published: 2015/07/14, Modified: 2019/11/22
Plugin Output

tcp/445/cifs



KB : 3072633
- C:\Windows\system32\ole32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18915
85335 - MS15-084: Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129)
Synopsis
The remote host is affected by multiple information disclosure vulnerabilities.
Description
The remote Windows host contains a version of Microsoft XML Core Services (MSXML) that is affected by multiple information disclosure vulnerabilities:

- An information disclosure vulnerability exists in XML Core Services (MSXML) due to the use of Secure Sockets Layer (SSL) 2.0. A man-in-the-middle attacker can exploit this vulnerability by forcing an encrypted SSL 2.0 session and then decrypting the resulting network traffic. (CVE-2015-2434, CVE-2015-2471)

- An information disclosure vulnerability exists in XML Core Services (MSXML) due to exposing sensitive memory addresses. A remote attacker, using a specially crafted website, can exploit this to bypass ASLR and gain access to private data. (CVE-2015-2440)
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, 2012 R2, RT, RT 8.1, Office 2007 SP3, and InfoPath 2007 SP3.
Risk Factor
Medium
VPR Score
3.6
EPSS Score
0.3153
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 76229
BID 76232
BID 76257
CVE CVE-2015-2434
CVE CVE-2015-2440
CVE CVE-2015-2471
MSKB 2825645
MSKB 3076895
XREF MSFT:MS15-084
XREF IAVB:2015-B-0098
Plugin Information
Published: 2015/08/11, Modified: 2019/11/22
Plugin Output

tcp/445/cifs



KB : 3076895
- C:\Windows\system32\msxml6.dll has not been patched.
Remote version : 6.30.7601.17514
Should be : 6.30.7601.18923
85334 - MS15-088: Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is affected by an information disclosure vulnerability when files at a medium integrity level become accessible to Internet Explorer running in Enhanced Protection Mode (EPM). An attacker can exploit this vulnerability by leveraging another vulnerability to execute code in IE with EPM, and then executing Excel, Notepad, PowerPoint, Visio, or Word using an unsafe command line parameter.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
VPR Score
4.2
EPSS Score
0.1897
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 76202
CVE CVE-2015-2423
MSKB 3046017
MSKB 3079757
MSKB 3081436
XREF MSFT:MS15-088
XREF IAVA:2015-A-0197
Plugin Information
Published: 2015/08/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3079757
- C:\Windows\system32\shell32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18918
85846 - MS15-096: Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a denial of service vulnerability in Active Directory that is triggered during the handling of a saturation of account creations. An authenticated, remote attacker, with privileges to join machines to a domain, can exploit this vulnerability by creating multiple machine accounts, resulting in the Active Directory service becoming non-responsive.
See Also
Solution
Microsoft has released a set of patches for Windows 2008, 2008 R2, 2012, and 2012 R2.
Risk Factor
Medium
VPR Score
3.6
EPSS Score
0.1729
CVSS v2.0 Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 76554
CVE CVE-2015-2535
MSKB 3072595
XREF MSFT:MS15-096
XREF IAVB:2015-B-0110
Plugin Information
Published: 2015/09/08, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3072595
- C:\Windows\system32\samsrv.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18956
86825 - MS15-118: Security Update for .NET Framework to Address Elevation of Privilege (3104507)
Synopsis
The version of the .NET Framework installed on the remote host is affected by multiple vulnerabilities.
Description
The remote Windows host has a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities:

- An information disclosure vulnerability exists in the .NET Framework due to improper DTD parsing of crafted XML files. An unauthenticated, remote attacker can exploit this, via a malicious application file, to gain read access to the local files on the system. (CVE-2015-6096)

- A cross-site scripting vulnerability exists in ASP.NET due to improper validation of values in HTTP requests. An unauthenticated, remote attacker can exploit this to inject arbitrary script into the user's browser session. (CVE-2015-6099)

- A security feature bypass vulnerability exists in the .NET Framework due to improper implementation of the Address Space Layout Randomization (ASLR) feature. An unauthenticated, remote attacker can exploit this, via crafted website content, to predict memory offsets in a call stack. (CVE-2015-6115)
See Also
Solution
Microsoft has released a set of patches for .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, 4.5.2, and 4.6.
Risk Factor
Medium
VPR Score
3.8
EPSS Score
0.3295
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.4 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 77474
BID 77479
BID 77482
CVE CVE-2015-6096
CVE CVE-2015-6099
CVE CVE-2015-6115
MSKB 3097988
MSKB 3097989
MSKB 3097991
MSKB 3097992
MSKB 3097994
MSKB 3097995
MSKB 3097996
MSKB 3097997
MSKB 3097999
MSKB 3098000
MSKB 3098001
MSKB 3098778
MSKB 3098779
MSKB 3098780
MSKB 3098781
MSKB 3098784
MSKB 3098785
MSKB 3098786
MSKB 3105213
XREF MSFT:MS15-118
XREF IAVA:2015-A-0271-S
Plugin Information
Published: 2015/11/10, Modified: 2020/05/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll has not been patched.
Remote version : 4.0.30319.18408
Should be : 4.0.30319.18446

- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll has not been patched.
Remote version : 4.0.30319.18408
Should be : 4.0.30319.34280

- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll has not been patched.
Remote version : 2.0.50727.4927
Should be : 2.0.50727.5493

- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll has not been patched.
Remote version : 4.0.30319.18408
Should be : 4.0.30319.34280
86827 - MS15-121: Security Update for Schannel to Address Spoofing (3081320)
Synopsis
The remote Windows host is affected by a spoofing vulnerability.
Description
The remote Windows host is affected by a spoofing vulnerability due to a weakness in the Secure Channel (SChannel) TLS protocol implementation. A man-in-the-middle attacker can exploit this vulnerability to impersonate a victim on any other server that uses the same credentials as those used between the client and server where the attack is initiated.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, and 2012 R2.
Risk Factor
Medium
VPR Score
4.0
EPSS Score
0.0741
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS v2.0 Temporal Score
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 77484
CVE CVE-2015-6112
MSKB 3081320
XREF MSFT:MS15-121
XREF IAVA:2015-A-0273
Plugin Information
Published: 2015/11/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



KB : 3081320
- C:\Windows\system32\schannel.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19044
86828 - MS15-122: Security Update for Kerberos to Address Security Feature Bypass (3105256)
Synopsis
The remote Windows host is affected by a security feature bypass vulnerability.
Description
The remote Windows host is affected by a security feature bypass vulnerability in Kerberos due to a failure to check the password change of a user signing into a workstation. A remote attacker can exploit this vulnerability by connecting a workstation to a malicious Kerberos Key Distribution Center (KDC), resulting in the ability to decrypt drives protected by BitLocker.

Note that this vulnerability can only be exploited if the target system has BitLocker enabled without a PIN or USB key, and the computer is domain-joined.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
VPR Score
4.0
EPSS Score
0.0393
CVSS v2.0 Base Score
4.9 (CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:N)
CVSS v2.0 Temporal Score
3.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 77475
CVE CVE-2015-6095
MSKB 3101246
MSKB 3105213
MSKB 3105211
XREF MSFT:MS15-122
XREF IAVA:2015-A-0278
Plugin Information
Published: 2015/11/10, Modified: 2025/03/12
Plugin Output

tcp/445/cifs



KB : 3101246
- C:\Windows\system32\Kerberos.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19043
88653 - MS16-021: Security Update for NPS RADIUS Server to Address Denial of Service (3133043)
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a denial of service vulnerability in the Network Policy Server (NPS) due to improper handling of RADIUS authentication requests. An unauthenticated, remote attacker can exploit this, via specially crafted username strings, to cause a denial of service condition for RADIUS authentication on the NPS.
See Also
Solution
Microsoft has released a set of patches for Windows 2008, 2008 R2, 2012, and 2012 R2.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
1.4
EPSS Score
0.5317
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 82513
CVE CVE-2016-0050
MSKB 3133043
XREF MSFT:MS16-021
XREF IAVA:2016-A-0047
Plugin Information
Published: 2016/02/09, Modified: 2019/11/20
Plugin Output

tcp/445/cifs



KB : 3133043
- C:\Windows\system32\iassam.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.19114
89779 - MS16-033: Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142)
Synopsis
The remote host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a flaw in the Windows USB Mass Storage Class driver due to improper validation of objects in memory. A local attacker can exploit this, via a specially crafted USB device, to elevate privileges, allowing the execution of arbitrary code.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS v3.0 Base Score
6.8 (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
5.9 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0039
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 84035
CVE CVE-2016-0133
MSKB 3139398
MSKB 3140745
MSKB 3140768
XREF MSFT:MS16-033
XREF IAVB:2016-B-0048
Plugin Information
Published: 2016/03/09, Modified: 2020/09/04
Plugin Output

tcp/445/cifs



KB : 3139398
None of the versions of 'USBSTOR.SYS' under C:\Windows\WinSxS
have been patched.
Fixed version : 6.1.7601.19144
90440 - MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept communications between a client and a server hosting a SAM database can exploit this to force the authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the SAM database.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS v3.0 Base Score
6.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)
CVSS v3.0 Temporal Score
5.9 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.0
EPSS Score
0.6027
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS v2.0 Temporal Score
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 86002
CVE CVE-2016-0128
MSKB 3148527
MSKB 3149090
MSKB 3147461
MSKB 3147458
XREF MSFT:MS16-047
XREF CERT:813296
XREF IAVA:2016-A-0093
Plugin Information
Published: 2016/04/12, Modified: 2026/01/30
Plugin Output

tcp/445/cifs



KB : 3149090
- C:\Windows\system32\lsasrv.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19623

90510 - MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept communications between a client and a server hosting a SAM database can exploit this to force the authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the SAM database.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS v3.0 Base Score
6.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)
CVSS v3.0 Temporal Score
5.9 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.0
EPSS Score
0.6027
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS v2.0 Temporal Score
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 86002
CVE CVE-2016-0128
MSKB 3148527
MSKB 3149090
MSKB 3147461
MSKB 3147458
XREF MSFT:MS16-047
XREF CERT:813296
XREF IAVA:2016-A-0093
Plugin Information
Published: 2016/04/13, Modified: 2026/01/30
Plugin Output

tcp/49175/dce-rpc

91609 - MS16-082: Security Update for Microsoft Windows Search Component (3165270)
Synopsis
The remote host is affected by a denial of service vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a flaw in the Windows Search component due to improper handling of objects in memory. An authenticated attacker can exploit this to degrade server performance, resulting in a denial of service condition.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Low
CVSS v3.0 Base Score
5.0 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
4.4 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.016
CVSS v2.0 Base Score
1.9 (CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
1.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 91113
CVE CVE-2016-3230
MSKB 3161958
MSKB 3163017
MSKB 3163018
XREF MSFT:MS16-082
XREF IAVB:2016-B-0100
Plugin Information
Published: 2016/06/14, Modified: 2019/11/19
Plugin Output

tcp/445/cifs



KB : 3161958
- C:\Windows\system32\structuredquery.dll has not been patched.
Remote version : 7.0.7601.17514
Should be : 7.0.7601.23451
94013 - MS16-124: Security Update for Windows Registry (3193227)
Synopsis
The remote host is affected by multiple information disclosure vulnerabilities.
Description
The remote Windows host is missing a security update. It is, therefore, affected by multiple information disclosure vulnerabilities in the kernel API that allow a local attacker, via a specially crafted application, to disclose sensitive registry information.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.3 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
6.6
EPSS Score
0.0679
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 93354
BID 93355
BID 93356
BID 93357
CVE CVE-2016-0070
CVE CVE-2016-0073
CVE CVE-2016-0075
CVE CVE-2016-0079
MSKB 3185330
MSKB 3185331
MSKB 3185332
MSKB 3191256
MSKB 3192391
MSKB 3192392
MSKB 3192393
MSKB 3192440
MSKB 3192441
MSKB 3194798
XREF MSFT:MS16-124
XREF IAVA:2016-A-0282
Plugin Information
Published: 2016/10/12, Modified: 2026/01/22
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3185330
- 3192391

- C:\Windows\System32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23564
94009 - MS16-126: Security Update for Microsoft Internet Messaging API (3196067)
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in the Internet Messaging API due to improper handling of objects in memory.
An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to enumerate the files on the disk drive.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, and 2008 R2. Note that MS16-118 must also be installed to fully resolve CVE-2016-3298.
Risk Factor
Low
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
6.2 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
6.6
EPSS Score
0.2913
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
2.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
BID 93392
CVE CVE-2016-3298
MSKB 3196067
MSKB 3193515
MSKB 3192391
MSKB 3185330
XREF MSFT:MS16-126
XREF IAVB:2016-B-0150
XREF CISA-KNOWN-EXPLOITED:2022/06/14
Plugin Information
Published: 2016/10/12, Modified: 2026/01/22
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3192391
- 3185330

- C:\Windows\System32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23564
94640 - MS16-139: Security Update for Windows Kernel (3199720)
Synopsis
The remote host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability in the Windows kernel due to improper enforcement of API permissions. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7 and 2008 R2.
Risk Factor
Low
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.0 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0183
CVSS v2.0 Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
1.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID 94048
CVE CVE-2016-7216
MSKB 3197867
MSKB 3197868
MSKB 3198483
XREF MSFT:MS16-139
XREF IAVA:2016-A-0315
Plugin Information
Published: 2016/11/08, Modified: 2019/11/14
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3197867
- 3197868

- C:\Windows\System32\ntoskrnl.exe has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23569
95770 - MS16-153: Security Update for Common Log File System Driver (3207328)
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in the Windows Common Log File System (CLFS) due to improper handling of objects in memory. A local attacker can exploit this vulnerability, via a specially crafted application, to bypass security measures and disclose sensitive information.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Low
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0071
CVSS v2.0 Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
1.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 94787
CVE CVE-2016-7295
MSKB 3203838
MSKB 3205400
MSKB 3205401
MSKB 3205408
MSKB 3205409
MSKB 3205394
MSKB 3207752
MSKB 3205383
MSKB 3206632
MSKB 3205386
XREF MSFT:MS16-153
XREF IAVA:2016-A-0351
Plugin Information
Published: 2016/12/13, Modified: 2026/01/14
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 3205394
- 3207752

- C:\Windows\System32\bcrypt.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.23601
97741 - MS17-016: Security Update for Windows IIS (4013074)
Synopsis
The remote Windows host is affected by a cross-site scripting vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Medium
CVSS v3.0 Base Score
6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVSS v3.0 Temporal Score
5.5 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
3.8
EPSS Score
0.0339
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.4 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID 96622
CVE CVE-2017-0055
MSKB 4012373
MSKB 4012212
MSKB 4012215
MSKB 4012213
MSKB 4012216
MSKB 4012214
MSKB 4012217
MSKB 4012606
MSKB 4013198
MSKB 4013429
XREF MSFT:MS17-016
XREF IAVB:2017-B-0033
Plugin Information
Published: 2017/03/15, Modified: 2019/11/14
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4012212
- 4012215

- C:\Windows\System32\drivers\srv.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23689
97742 - MS17-022: Security Update for Microsoft XML Core Services (4010321)
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote Windows host is affected by an information disclosure vulnerability in Microsoft XML Core Services (MSXML) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to visit a specially crafted website, to test for the presence of files on disk.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
6.0 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
5.1
EPSS Score
0.4209
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
BID 96069
CVE CVE-2017-0022
MSKB 3216916
MSKB 4012212
MSKB 4012213
MSKB 4012214
MSKB 4012215
MSKB 4012216
MSKB 4012217
MSKB 4012606
MSKB 4013198
MSKB 4013429
XREF MSFT:MS17-022
XREF IAVA:2017-A-0067
XREF CISA-KNOWN-EXPLOITED:2022/06/14
Plugin Information
Published: 2017/03/15, Modified: 2025/12/30
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4012212
- 4012215

- C:\Windows\System32\drivers\srv.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23689

108752 - ManageEngine Desktop Central 9 < Build 92027 Multiple Vulnerabilities
Synopsis
The remote web server contains a Java-based web application that is affected by multiple vulnerabilities.
Description
The ManageEngine Desktop Central application running on the remote host is version 9 prior to build 92027. It is, therefore, affected by multiple vulnerabilities including a remote code execution and three cross-site scripting vulnerabilities.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to ManageEngine Desktop Central version 9 build 92027 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVSS v3.0 Temporal Score
5.3 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.0
EPSS Score
0.0187
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2018/03/30, Modified: 2019/11/08
Plugin Output

tcp/8020/www


URL : http://192.168.122.168:8020/
Installed version : 9 Build 91084
Fixed version : 9 Build 92027

108752 - ManageEngine Desktop Central 9 < Build 92027 Multiple Vulnerabilities
Synopsis
The remote web server contains a Java-based web application that is affected by multiple vulnerabilities.
Description
The ManageEngine Desktop Central application running on the remote host is version 9 prior to build 92027. It is, therefore, affected by multiple vulnerabilities including a remote code execution and three cross-site scripting vulnerabilities.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to ManageEngine Desktop Central version 9 build 92027 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVSS v3.0 Temporal Score
5.3 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.0
EPSS Score
0.0187
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2018/03/30, Modified: 2019/11/08
Plugin Output

tcp/8022/www


URL : http://192.168.122.168:8022/
Installed version : 9 Build 91084
Fixed version : 9 Build 92027

108752 - ManageEngine Desktop Central 9 < Build 92027 Multiple Vulnerabilities
Synopsis
The remote web server contains a Java-based web application that is affected by multiple vulnerabilities.
Description
The ManageEngine Desktop Central application running on the remote host is version 9 prior to build 92027. It is, therefore, affected by multiple vulnerabilities including a remote code execution and three cross-site scripting vulnerabilities.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to ManageEngine Desktop Central version 9 build 92027 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVSS v3.0 Temporal Score
5.3 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.0
EPSS Score
0.0187
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2018/03/30, Modified: 2019/11/08
Plugin Output

tcp/8383/www


URL : https://192.168.122.168:8383/
Installed version : 9 Build 91084
Fixed version : 9 Build 92027

216265 - ManageEngine Endpoint Central 11.3.2428.x <= 11.3.2428.01, 11.3.2440.x <= 11.3.2440.0 Insecure Direct Object References
Synopsis
The remote ManageEngine Endpoint Central host is missing a security update.
Description
The version of ManageEngine Endpoint Central installed on the remote Windows host is either prior to 11.3.2428.26 or prior to 11.3.2440.09. It is, therefore, affected by an insecure direct object references vulnerability. For more information, consult the vendor advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to ManageEngine Endpoint Central versions 11.3.2428.26, 11.3.2440.09 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
3.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
1.4
EPSS Score
0.0003
CVSS v2.0 Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-9097
XREF IAVA:2025-A-0115
Plugin Information
Published: 2025/02/14, Modified: 2025/10/23
Plugin Output

tcp/0


Path : C:\ManageEngine\DesktopCentral_Server
Installed version : 9.1.0
Fixed version : 11.3.2428.26

216265 - ManageEngine Endpoint Central 11.3.2428.x <= 11.3.2428.01, 11.3.2440.x <= 11.3.2440.0 Insecure Direct Object References
Synopsis
The remote ManageEngine Endpoint Central host is missing a security update.
Description
The version of ManageEngine Endpoint Central installed on the remote Windows host is either prior to 11.3.2428.26 or prior to 11.3.2440.09. It is, therefore, affected by an insecure direct object references vulnerability. For more information, consult the vendor advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to ManageEngine Endpoint Central versions 11.3.2428.26, 11.3.2440.09 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
3.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
1.4
EPSS Score
0.0003
CVSS v2.0 Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-9097
XREF IAVA:2025-A-0115
Plugin Information
Published: 2025/02/14, Modified: 2025/10/23
Plugin Output

tcp/8020/www


URL : http://192.168.122.168:8020/
Installed version : 9
Fixed version : 11.3.2428.26

216265 - ManageEngine Endpoint Central 11.3.2428.x <= 11.3.2428.01, 11.3.2440.x <= 11.3.2440.0 Insecure Direct Object References
Synopsis
The remote ManageEngine Endpoint Central host is missing a security update.
Description
The version of ManageEngine Endpoint Central installed on the remote Windows host is either prior to 11.3.2428.26 or prior to 11.3.2440.09. It is, therefore, affected by an insecure direct object references vulnerability. For more information, consult the vendor advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to ManageEngine Endpoint Central versions 11.3.2428.26, 11.3.2440.09 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
3.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
1.4
EPSS Score
0.0003
CVSS v2.0 Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-9097
XREF IAVA:2025-A-0115
Plugin Information
Published: 2025/02/14, Modified: 2025/10/23
Plugin Output

tcp/8022/www


URL : http://192.168.122.168:8022/
Installed version : 9
Fixed version : 11.3.2428.26

216265 - ManageEngine Endpoint Central 11.3.2428.x <= 11.3.2428.01, 11.3.2440.x <= 11.3.2440.0 Insecure Direct Object References
Synopsis
The remote ManageEngine Endpoint Central host is missing a security update.
Description
The version of ManageEngine Endpoint Central installed on the remote Windows host is either prior to 11.3.2428.26 or prior to 11.3.2440.09. It is, therefore, affected by an insecure direct object references vulnerability. For more information, consult the vendor advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to ManageEngine Endpoint Central versions 11.3.2428.26, 11.3.2440.09 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
3.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
1.4
EPSS Score
0.0003
CVSS v2.0 Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-9097
XREF IAVA:2025-A-0115
Plugin Information
Published: 2025/02/14, Modified: 2025/10/23
Plugin Output

tcp/8383/www


URL : https://192.168.122.168:8383/
Installed version : 9
Fixed version : 11.3.2428.26

111153 - MySQL 5.5.x < 5.5.61 Multiple Vulnerabilities (July 2018 CPU)
Synopsis
The remote database server is affected by multiple vulnerabilities.
Description
The version of MySQL running on the remote host is 5.5.x prior to 5.5.61. It is, therefore, affected by multiple vulnerabilities as noted in the July 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to MySQL version 5.5.61 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
5.0 (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H)
CVSS v3.0 Temporal Score
4.4 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.2
EPSS Score
0.0078
CVSS v2.0 Base Score
4.9 (CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P)
CVSS v2.0 Temporal Score
3.6 (CVSS2#E:U/RL:OF/RC:C)
References
BID 103954
BID 104766
BID 104779
BID 104786
CVE CVE-2018-2767
CVE CVE-2018-3058
CVE CVE-2018-3063
CVE CVE-2018-3066
CVE CVE-2018-3070
CVE CVE-2018-3081
Plugin Information
Published: 2018/07/20, Modified: 2021/05/21
Plugin Output

tcp/0


Path : c:\wamp\bin\mysql\mysql5.5.20\bin\
Installed version : 5.5.20.0
Fixed version : 5.5.61
138561 - MySQL Denial of Service (Jul 2020 CPU)
Synopsis
The remote database server is affected by a denial of service vulnerability.
Description
The version of MySQL running on the remote host is 5.7.29 and prior or 8.0.19 and prior. It is, therefore, affected by a vulnerability, as noted in the July 2020 Critical Patch Update advisory:

A Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Refer to the vendor advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
4.9 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
4.3 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0037
CVSS v2.0 Base Score
4.0 (CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-14567
XREF IAVA:2020-A-0321-S
Plugin Information
Published: 2020/07/16, Modified: 2023/11/01
Plugin Output

tcp/0


Path : c:\wamp\bin\mysql\mysql5.5.20\bin\
Installed version : 5.5.20.0
Fixed version : 5.7.30

126821 - Oracle Java SE 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2 Multiple Vulnerabilities (Jul 2019 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 231, 8 Update 221, 11 Update 4, or 12 Update 2. It is, therefore, affected by multiple vulnerabilities:

- Unspecified vulnerabilities in the utilities and JCE subcomponents of Oracle Java SE, which could allow an unauthenticated remote attacker to cause a partial denial of service. (CVE-2019-2762, CVE-2019-2769, CVE-2019-2842)

- An unspecified vulnerability in the security subcomponent of Oracle Java SE, which could allow an unauthenticated local attacker to gain unauthorized access to critical Java SE data. (CVE-2019-2745)

- Unspecified vulnerabilities in the networking and security subcomponents of Oracle Java SE, which could allow an unauthenticated remote attacker to gain unauthorized access to Java SE data. Exploitation of this vulnerability requires user interaction. (CVE-2019-2766, CVE-2019-2786, CVE-2019-2818)

- An unspecified vulnerability in the networking subcomponent of Oracle Java SE, which could allow an unauthenticated remote attacker unauthorized read, update, insert or delete access to Java SE data. (CVE-2019-2816)

- An unspecified vulnerability in the JSSE subcomponent of Oracle Java SE, which could allow an unauthenticated, remote attacker to gain unauthorized access to critical Java SE data. Exploitation of this vulnerability requires user interaction. (CVE-2019-2821)

- A use after free vulnerability exists in the libpng subcomponent of Oracle Java SE. An unauthenticated, remote attacker can exploit this to cause a complete denial of service condition in Java SE. Exploitation of this vulnerability requires user interaction. (CVE-2019-7317)

Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Oracle JDK / JRE 12 Update 2, 11 Update 4, 8 Update 221 / 7 Update 231 or later. If necessary, remove any affected versions.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0156
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS v2.0 Temporal Score
4.5 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 108098
BID 109184
BID 109185
BID 109186
BID 109187
BID 109188
BID 109189
BID 109201
BID 109206
BID 109210
BID 109212
CVE CVE-2019-2745
CVE CVE-2019-2762
CVE CVE-2019-2766
CVE CVE-2019-2769
CVE CVE-2019-2786
CVE CVE-2019-2816
CVE CVE-2019-2818
CVE CVE-2019-2821
CVE CVE-2019-2842
CVE CVE-2019-6129
CVE CVE-2019-7317
XREF IAVA:2019-A-0255
XREF CEA-ID:CEA-2021-0025
Plugin Information
Published: 2019/07/19, Modified: 2025/02/25
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.221 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.221 or greater
141800 - Oracle Java SE 1.7.0_281 / 1.8.0_271 / 1.11.0_9 / 1.15.0_1 Multiple Vulnerabilities (Oct 2020 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 281, 8 Update 271, 11 Update 9, or 15 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components as referenced in the October 2020 CPU advisory:

- Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). Supported versions that are affected are 19.3.3 and 20.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. (CVE-2020-14803)

- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14792)

- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14781)


Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the October 2020 Oracle Critical Patch Update advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.3
EPSS Score
0.0025
CVSS v2.0 Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS v2.0 Temporal Score
4.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-14779
CVE CVE-2020-14781
CVE CVE-2020-14782
CVE CVE-2020-14792
CVE CVE-2020-14796
CVE CVE-2020-14797
CVE CVE-2020-14798
CVE CVE-2020-14803
XREF IAVA:2020-A-0477-S
XREF CEA-ID:CEA-2021-0004
Plugin Information
Published: 2020/10/22, Modified: 2024/12/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.271 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.271 or greater
145218 - Oracle Java SE 1.7.0_291 / 1.8.0_281 / 1.11.0_10 / 1.15.0_2 Information Disclosure (Windows Jan 2021 CPU)
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 291, 8 Update 281, 11 Update 10, or 15 Update 2. It is, therefore, affected by an information disclosure vulnerability as referenced in the January 2021 CPU advisory. Specifically, an unauthenticated, remote attacker can gain unauthorized read access to some data accessible to Java SE and Java SE Embedded. Only Java deployments that load and run untrusted code and rely on the Java sandbox for security are affected. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the January 2021 Oracle Critical Patch Update advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
1.4
EPSS Score
0.0006
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2020-14803
XREF CEA-ID:CEA-2021-0004
Plugin Information
Published: 2021/01/20, Modified: 2024/12/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.281 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.281 or greater
148960 - Oracle Java SE 1.7.0_301 / 1.8.0_291 / 1.11.0_11 / 1.16.0_1 Multiple Vulnerabilities (Apr 2021 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 301, 8 Update 291, 11 Update 11, or 16 Update 1. It is, therefore, affected by multiple vulnerabilities as referenced in the April 2021 CPU advisory:

- A vulnerability in Java SE, SE Embedded and Oracle GraalVM Enterprise Edition allows unauthenticated remote attacker to compromise the system which can result in an unauthorized creation, deletion or modification access to critical data. (CVE-2021-2161)

- A vulnerability in Java SE, SE Embedded and Oracle GraalVM Enterprise Edition allows unauthenticated remote attacker with a human interaction from a person other than the attacker to compromise the system which can result in an unauthorized creation, deletion or modification access to critical data. (CVE-2021-2163)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the April 2021 Oracle Critical Patch Update advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
5.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0032
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.2 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-2161
CVE CVE-2021-2163
XREF IAVA:2021-A-0195
XREF CEA-ID:CEA-2021-0025
Plugin Information
Published: 2021/04/23, Modified: 2024/12/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.291 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.291 or greater
156887 - Oracle Java SE 1.7.0_331 / 1.8.0_321 / 1.11.0_14 / 1.17.0_2 Multiple Vulnerabilities (January 2022 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2022 CPU advisory:

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2022-21349)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2022-21291)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2022-21305)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the January 2022 Oracle Critical Patch Update advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
2.2
EPSS Score
0.0646
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.9 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2022/01/20, Modified: 2024/12/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.321 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.321 or greater
156888 - Oracle Java SE 1.7.0_331 / 1.8.0_321 / 1.11.0_14 / 1.17.0_2 Multiple Vulnerabilities (Unix January 2022 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2022 CPU advisory:

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2022-21349)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2022-21291)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2022-21305)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the January 2022 Oracle Critical Patch Update advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
2.2
EPSS Score
0.0646
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.9 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2022/01/20, Modified: 2024/04/10
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.321 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.321 or greater
161241 - Oracle Java SE Multiple Vulnerabilities (April 2022 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory:

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2022-21449)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2022-21476)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2022-21426)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the April 2022 Oracle Critical Patch Update advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.3433
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.9 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2022/05/17, Modified: 2024/11/27
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.331 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.331 or greater
170161 - Oracle Java SE Multiple Vulnerabilities (January 2023 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory:

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. (CVE-2023-21830)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. (CVE-2023-21835)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. (CVE-2023-21843)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the January 2023 Oracle Critical Patch Update advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
1.4
EPSS Score
0.0009
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-21830
CVE CVE-2023-21835
CVE CVE-2023-21843
XREF IAVA:2023-A-0042
Plugin Information
Published: 2023/01/19, Modified: 2023/01/23
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.361 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.361 or greater
214532 - Oracle Java SE Multiple Vulnerabilities (January 2025 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The 8u431, 11.0.26, 17.0.14, 20.3.16, 21.0.5, 21.3.12, 23.0.2, and perf versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2025 CPU advisory.

- Vulnerability in Oracle Java SE (component: Install (Sparkle)). The supported version that is affected is Oracle Java SE: 8u431. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Java SE executes to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Java SE. Note: Only applies to the macOS autoupdater. (CVE-2025-0509)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.26, 17.0.14, 21.0.5, 23.0.2; Oracle GraalVM for JDK: 17.0.14, 21.0.5, 23.0.2; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2025-21502)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the January 2025 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
6.8 (CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
5.9 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0003
CVSS v2.0 Base Score
7.2 (CVSS2#AV:A/AC:L/Au:M/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-0509
CVE CVE-2025-21502
XREF IAVA:2025-A-0049-S
Plugin Information
Published: 2025/01/23, Modified: 2025/08/06
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.441 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.441 or greater
202704 - Oracle Java SE Multiple Vulnerabilities (July 2024 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory:

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2024-21147)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2024-21145)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2024-21140)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the July 2024 Oracle Critical Patch Update advisory.
Risk Factor
High
CVSS v3.0 Base Score
4.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v3.0 Temporal Score
4.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.0
EPSS Score
0.0019
CVSS v2.0 Base Score
7.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/07/19, Modified: 2025/06/18
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.421 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.421 or greater
166316 - Oracle Java SE Multiple Vulnerabilities (October 2022 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory:

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. (CVE-2022-21618)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. (CVE-2022-21624)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. (CVE-2022-21626)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the October 2022 Oracle Critical Patch Update advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.9 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
2.2
EPSS Score
0.0021
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2022/10/20, Modified: 2023/10/09
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.351 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.351 or greater

66842 - PHP 5.3.x < 5.3.26 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is potentially affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.26. It is, therefore, potentially affected by the following vulnerabilities:

- An error exists in the function 'php_quot_print_encode' in the file 'ext/standard/quot_print.c' that could allow a heap-based buffer overflow when attempting to parse certain strings. (Bug #64879)

- An integer overflow error exists related to the value of 'JEWISH_SDN_MAX' in the file 'ext/calendar/jewish.c' that could allow denial of service attacks. (Bug #64895)

Note that this plugin does not attempt to exploit these vulnerabilities, but instead relies only on PHP's self-reported version number.
See Also
Solution
Apply the vendor patch or upgrade to PHP version 5.3.26 or later.
Risk Factor
Medium
VPR Score
3.6
EPSS Score
0.1877
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 60411
BID 60731
CVE CVE-2013-2110
CVE CVE-2013-4635
Plugin Information
Published: 2013/06/07, Modified: 2025/05/26
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2, X-Powered-By: PHP/5.3.10
Installed version : 5.3.10
Fixed version : 5.3.26
67259 - PHP 5.3.x < 5.3.27 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is potentially affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP 5.3.x installed on the remote host is prior to 5.3.27. It is, therefore, potentially affected by the following vulnerabilities:

- A buffer overflow error exists in the function '_pdo_pgsql_error'. (Bug #64949)

- A heap corruption error exists in numerous functions in the file 'ext/xml/xml.c'. (CVE-2013-4113 / Bug #65236)

Note that this plugin does not attempt to exploit these vulnerabilities, but instead relies only on PHP's self-reported version number.
See Also
Solution
Apply the vendor patch or upgrade to PHP version 5.3.27 or later.
Risk Factor
Medium
VPR Score
3.4
EPSS Score
0.1902
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
BID 61128
CVE CVE-2013-4113
Plugin Information
Published: 2013/07/12, Modified: 2025/05/26
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2, X-Powered-By: PHP/5.3.10
Installed version : 5.3.10
Fixed version : 5.3.27
58966 - PHP < 5.3.11 Multiple Vulnerabilities
Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is potentially affected by multiple vulnerabilities:

- During the import of environment variables, temporary changes to the 'magic_quotes_gpc' directive are not handled properly. This can lower the difficulty for SQL injection attacks. (CVE-2012-0831)

- The '$_FILES' variable can be corrupted because the names of uploaded files are not properly validated. (CVE-2012-1172)

- The 'open_basedir' directive is not properly handled by the functions 'readline_write_history' and 'readline_read_history'.

- The 'header()' function does not detect multi-line headers with a CR. (Bug #60227 / CVE-2011-1398)
See Also
Solution
Upgrade to PHP version 5.3.11 or later.
Risk Factor
Medium
VPR Score
6.7
EPSS Score
0.1605
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 51954
BID 53403
BID 55297
CVE CVE-2011-1398
CVE CVE-2012-0831
CVE CVE-2012-1172
Plugin Information
Published: 2012/05/02, Modified: 2025/05/26
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2, X-Powered-By: PHP/5.3.10
Installed version : 5.3.10
Fixed version : 5.3.11
152853 - PHP < 7.3.28 Email Header Injection
Synopsis
The version of PHP running on the remote web server is affected by an email header injection vulnerability.
Description
According to its self-reported version number, the version of PHP running on the remote web server is prior to 7.3.28. It is, therefore, affected by an email header injection vulnerability, due to a failure to properly handle CR-LF sequences in header fields. An unauthenticated, remote attacker can exploit this, by inserting line feed characters into email headers, to gain full control of email header content.
See Also
Solution
Upgrade to PHP version 7.3.28 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Published: 2021/08/26, Modified: 2025/05/26
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/ (5.3.10 under Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2, X-Powered-By: PHP/5.3.10)
Installed version : 5.3.10
Fixed version : 7.3.28
73289 - PHP PHP_RSHUTDOWN_FUNCTION Security Bypass
Synopsis
The remote web server uses a version of PHP that is potentially affected by a security bypass vulnerability.
Description
According to its banner, the version of PHP 5.x installed on the remote host is 5.x prior to 5.3.11 or 5.4.x prior to 5.4.1 and thus, is potentially affected by a security bypass vulnerability.

An error exists related to the function 'PHP_RSHUTDOWN_FUNCTION' in the libxml extension and the 'stream_close' method that could allow a remote attacker to bypass 'open_basedir' protections and obtain sensitive information.

Note that this plugin has not attempted to exploit this issue, but has instead relied only on PHP's self-reported version number.
See Also
Solution
Upgrade to PHP version 5.3.11 / 5.4.1 or later.
Risk Factor
Medium
VPR Score
3.4
EPSS Score
0.0016
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 65673
CVE CVE-2012-1171
Plugin Information
Published: 2014/04/01, Modified: 2024/11/22
Plugin Output

tcp/8585/www


Version source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2, X-Powered-By: PHP/5.3.10
Installed version : 5.3.10
Fixed version : 5.3.11 / 5.4.1

18405 - Remote Desktop Protocol Server Man-in-the-Middle Weakness
-
Synopsis
It may be possible to get access to the remote host.
Description
The remote version of the Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man-in-the-middle (MiTM) attack. The RDP client makes no effort to validate the identity of the server when setting up encryption. An attacker with the ability to intercept traffic from the RDP server can establish encryption with the client and server without being detected. A MiTM attack of this nature would allow the attacker to obtain any sensitive information transmitted, including authentication credentials.

This flaw exists because the RDP server stores a publicly known hard-coded RSA private key. Any attacker in a privileged network location can use the key for this attack.
See Also
Solution
- Force the use of SSL as a transport layer for this service if supported, or/and

- On Microsoft Windows operating systems, select the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' setting if it is available.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
VPR Score
2.5
EPSS Score
0.0427
CVSS v2.0 Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
3.8 (CVSS2#E:U/RL:OF/RC:C)
References
BID 13818
CVE CVE-2005-1794
Plugin Information
Published: 2005/06/01, Modified: 2022/08/24
Plugin Output

tcp/3389/msrdp

57608 - SMB Signing not required
-
Synopsis
Signing is not required on the remote SMB server.
Description
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
See Also
Solution
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information
Published: 2012/01/19, Modified: 2022/10/05
Plugin Output

tcp/445/cifs

31705 - SSL Anonymous Cipher Suites Supported
-
Synopsis
The remote service supports the use of anonymous SSL ciphers.
Description
The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.

Note: This is considerably easier to exploit if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application if possible to avoid use of weak ciphers.
Risk Factor
Low
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.027
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
1.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 28482
CVE CVE-2007-1858
Plugin Information
Published: 2008/03/28, Modified: 2023/10/27
Plugin Output

tcp/8031


The following is a list of SSL anonymous ciphers supported by the remote TCP server :

High Strength Ciphers (>= 112-bit key)

Name                   Code       KEX Auth Encryption            MAC
---------------------- ---------- --- ---- --------------------- ---
ADH-AES128-SHA         0x00, 0x34 DH  None AES-CBC(128)          SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

31705 - SSL Anonymous Cipher Suites Supported
-
Synopsis
The remote service supports the use of anonymous SSL ciphers.
Description
The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.

Note: This is considerably easier to exploit if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application if possible to avoid use of weak ciphers.
Risk Factor
Low
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.027
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
1.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 28482
CVE CVE-2007-1858
Plugin Information
Published: 2008/03/28, Modified: 2023/10/27
Plugin Output

tcp/8443


The following is a list of SSL anonymous ciphers supported by the remote TCP server :

High Strength Ciphers (>= 112-bit key)

Name                   Code       KEX Auth Encryption            MAC
---------------------- ---------- --- ---- --------------------- ---
ADH-AES128-SHA         0x00, 0x34 DH  None AES-CBC(128)          SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2025/06/16
Plugin Output

tcp/3389/msrdp


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=vagrant-2008R2
|-Issuer : CN=vagrant-2008R2

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2025/06/16
Plugin Output

tcp/4848


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : C=US/ST=California/L=Santa Clara/O=Oracle Corporation/OU=GlassFish/CN=localhost
|-Not After : May 13 05:33:38 2023 GMT

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Santa Clara/O=Oracle Corporation/OU=GlassFish/CN=localhost
|-Issuer : C=US/ST=California/L=Santa Clara/O=Oracle Corporation/OU=GlassFish/CN=localhost

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2025/06/16
Plugin Output

tcp/8181


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : C=US/ST=California/L=Santa Clara/O=Oracle Corporation/OU=GlassFish/CN=localhost
|-Not After : May 13 05:33:38 2023 GMT

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=California/L=Santa Clara/O=Oracle Corporation/OU=GlassFish/CN=localhost
|-Issuer : C=US/ST=California/L=Santa Clara/O=Oracle Corporation/OU=GlassFish/CN=localhost

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2025/06/16
Plugin Output

tcp/8383/www


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : C=US/ST=CA/L=Pleasanton/O=Zoho Corporation/OU=ManageEngine/CN=Desktop Central/E=support@desktopcentral.com
|-Not After : Sep 05 12:24:44 2020 GMT

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=CA/L=Pleasanton/O=Zoho Corporation/OU=ManageEngine/CN=Desktop Central/E=support@desktopcentral.com
|-Issuer : C=US/ST=CA/L=Pleasanton/O=Zoho Corporation/OU=ManageEngine/CN=Desktop Central/E=support@desktopcentral.com

15901 - SSL Certificate Expiry
-
Synopsis
The remote server's SSL certificate has already expired.
Description
This plugin checks expiry dates of certificates associated with SSL-enabled services on the target and reports whether any have already expired.
Solution
Purchase or generate a new SSL certificate to replace the existing one.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Published: 2004/12/03, Modified: 2025/12/08
Plugin Output

tcp/4848


The SSL certificate has already expired :

Subject : C=US, ST=California, L=Santa Clara, O=Oracle Corporation, OU=GlassFish, CN=localhost
Issuer : C=US, ST=California, L=Santa Clara, O=Oracle Corporation, OU=GlassFish, CN=localhost
Not valid before : May 15 05:33:38 2013 GMT
Not valid after : May 13 05:33:38 2023 GMT

15901 - SSL Certificate Expiry
-
Synopsis
The remote server's SSL certificate has already expired.
Description
This plugin checks expiry dates of certificates associated with SSL-enabled services on the target and reports whether any have already expired.
Solution
Purchase or generate a new SSL certificate to replace the existing one.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Published: 2004/12/03, Modified: 2025/12/08
Plugin Output

tcp/8181


The SSL certificate has already expired :

Subject : C=US, ST=California, L=Santa Clara, O=Oracle Corporation, OU=GlassFish, CN=localhost
Issuer : C=US, ST=California, L=Santa Clara, O=Oracle Corporation, OU=GlassFish, CN=localhost
Not valid before : May 15 05:33:38 2013 GMT
Not valid after : May 13 05:33:38 2023 GMT

15901 - SSL Certificate Expiry
-
Synopsis
The remote server's SSL certificate has already expired.
Description
This plugin checks expiry dates of certificates associated with SSL-enabled services on the target and reports whether any have already expired.
Solution
Purchase or generate a new SSL certificate to replace the existing one.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Published: 2004/12/03, Modified: 2025/12/08
Plugin Output

tcp/8383/www


The SSL certificate has already expired :

Subject : C=US, ST=CA, L=Pleasanton, O=Zoho Corporation, OU=ManageEngine, CN=Desktop Central, emailAddress=support@desktopcentral.com
Issuer : C=US, ST=CA, L=Pleasanton, O=Zoho Corporation, OU=ManageEngine, CN=Desktop Central, emailAddress=support@desktopcentral.com
Not valid before : Sep 8 12:24:44 2010 GMT
Not valid after : Sep 5 12:24:44 2020 GMT

35291 - SSL Certificate Signed Using Weak Hashing Algorithm
-
Synopsis
An SSL certificate in the certificate chain has been signed using a weak hash algorithm.
Description
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been ignored.
See Also
Solution
Contact the Certificate Authority to have the SSL certificate reissued.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
4.2
EPSS Score
0.0815
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 11849
BID 33065
CVE CVE-2004-2761
CVE CVE-2005-4900
XREF CERT:836068
XREF CWE:310
Plugin Information
Published: 2009/01/05, Modified: 2025/04/09
Plugin Output

tcp/3389/msrdp


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

Subject : CN=vagrant-2008R2
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Feb 10 19:09:42 2026 GMT
Valid To : Aug 12 19:09:42 2026 GMT
Raw PEM certificate :

35291 - SSL Certificate Signed Using Weak Hashing Algorithm
-
Synopsis
An SSL certificate in the certificate chain has been signed using a weak hash algorithm.
Description
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been ignored.
See Also
Solution
Contact the Certificate Authority to have the SSL certificate reissued.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
4.2
EPSS Score
0.0815
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 11849
BID 33065
CVE CVE-2004-2761
CVE CVE-2005-4900
XREF CERT:836068
XREF CWE:310
Plugin Information
Published: 2009/01/05, Modified: 2025/04/09
Plugin Output

tcp/8383/www


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

Subject : C=US/ST=CA/L=Pleasanton/O=Zoho Corporation/OU=ManageEngine/CN=Desktop Central/E=support@desktopcentral.com
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Sep 08 12:24:44 2010 GMT
Valid To : Sep 05 12:24:44 2020 GMT
Raw PEM certificate :

45411 - SSL Certificate with Wrong Hostname
-
Synopsis
The SSL certificate for this service is for a different host.
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Published: 2010/04/03, Modified: 2020/04/27
Plugin Output

tcp/4848


The identities known by Nessus are :

192.168.122.168
fe80::8900:cda8:fb3f:e1a1
vagrant-2008r2
192.168.122.168

The Common Name in the certificate is :

localhost

45411 - SSL Certificate with Wrong Hostname
-
Synopsis
The SSL certificate for this service is for a different host.
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Published: 2010/04/03, Modified: 2020/04/27
Plugin Output

tcp/8181


The identities known by Nessus are :

192.168.122.168
fe80::8900:cda8:fb3f:e1a1
vagrant-2008r2
192.168.122.168

The Common Name in the certificate is :

localhost

45411 - SSL Certificate with Wrong Hostname
-
Synopsis
The SSL certificate for this service is for a different host.
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Published: 2010/04/03, Modified: 2020/04/27
Plugin Output

tcp/8383/www


The identities known by Nessus are :

192.168.122.168
fe80::8900:cda8:fb3f:e1a1
vagrant-2008r2
192.168.122.168

The Common Name in the certificate is :

Desktop Central

65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
-
Synopsis
The remote service supports the use of the RC4 cipher.
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.4 (CVSS:3.0/E:U/RL:X/RC:C)
VPR Score
7.3
EPSS Score
0.9032
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
4.2 (CVSS2#E:U/RL:ND/RC:C)
References
BID 58796
BID 73684
CVE CVE-2013-2566
CVE CVE-2015-2808
Plugin Information
Published: 2013/04/05, Modified: 2025/05/09
Plugin Output

tcp/3389/msrdp


List of RC4 cipher suites supported by the remote server :

Unrecognized Ciphers

Name                   Code       KEX Auth Encryption            MAC
---------------------- ---------- --- ---- --------------------- ---
TLS1_CK_RSA_WITH_RC4_128_MD5
TLS1_CK_RSA_WITH_RC4_128_SHA

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/3389/msrdp


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=vagrant-2008R2

57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/4848


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=US/ST=California/L=Santa Clara/O=Oracle Corporation/OU=GlassFish/CN=localhost

57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/8181


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=US/ST=California/L=Santa Clara/O=Oracle Corporation/OU=GlassFish/CN=localhost

57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/8383/www


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=US/ST=CA/L=Pleasanton/O=Zoho Corporation/OU=ManageEngine/CN=Desktop Central/E=support@desktopcentral.com

104743 - TLS Version 1.0 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/3389/msrdp

TLSv1 is enabled and the server supports at least one cipher.

104743 - TLS Version 1.0 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/4848

TLSv1 is enabled and the server supports at least one cipher.

104743 - TLS Version 1.0 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/8031

TLSv1 is enabled and the server supports at least one cipher.

104743 - TLS Version 1.0 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/8181

TLSv1 is enabled and the server supports at least one cipher.

104743 - TLS Version 1.0 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/8383/www

TLSv1 is enabled and the server supports at least one cipher.

104743 - TLS Version 1.0 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/8443

TLSv1 is enabled and the server supports at least one cipher.

157288 - TLS Version 1.1 Deprecated Protocol
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2024/05/14
Plugin Output

tcp/4848

TLSv1.1 is enabled and the server supports at least one cipher.

157288 - TLS Version 1.1 Deprecated Protocol
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2024/05/14
Plugin Output

tcp/8181

TLSv1.1 is enabled and the server supports at least one cipher.

157288 - TLS Version 1.1 Deprecated Protocol
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2024/05/14
Plugin Output

tcp/8383/www

TLSv1.1 is enabled and the server supports at least one cipher.

58453 - Terminal Services Doesn't Use Network Level Authentication (NLA) Only
Synopsis
The remote Terminal Services doesn't use Network Level Authentication only.
Description
The remote Terminal Services is not configured to use Network Level Authentication (NLA) only. NLA uses the Credential Security Support Provider (CredSSP) protocol to perform strong server authentication either through TLS/SSL or Kerberos mechanisms, which protect against man-in-the-middle attacks. In addition to improving authentication, NLA also helps protect the remote computer from malicious users and software by completing user authentication before a full RDP connection is established.
Solution
Enable Network Level Authentication (NLA) on the remote RDP server. This is generally done on the 'Remote' tab of the 'System' settings on Windows.
Risk Factor
Medium
CVSS v3.0 Base Score
4.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N)
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2012/03/23, Modified: 2025/09/29
Plugin Output

tcp/3389/msrdp

Nessus was able to negotiate non-NLA (Network Level Authentication) security.

57690 - Terminal Services Encryption Level is Medium or Low
Synopsis
The remote host is using weak cryptography.
Description
The remote Terminal Services service is not configured to use strong cryptography.

Using weak cryptography with this service may allow an attacker to eavesdrop on the communications more easily and obtain screenshots and/or keystrokes.
Solution
Change RDP encryption level to one of :

3. High

4. FIPS Compliant
Risk Factor
Medium
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2012/01/25, Modified: 2026/01/05
Plugin Output

tcp/3389/msrdp


The terminal services encryption level is set to :

2. Medium

132101 - Windows Speculative Execution Configuration Check
Synopsis
The remote host has not properly mitigated a series of speculative execution vulnerabilities.
Description
The remote host has not properly mitigated a series of known speculative execution vulnerabilities. It, therefore, may be affected by :
- Branch Target Injection (BTI) (CVE-2017-5715)
- Bounds Check Bypass (BCB) (CVE-2017-5753)
- Rogue Data Cache Load (RDCL) (CVE-2017-5754)
- Rogue System Register Read (RSRE) (CVE-2018-3640)
- Speculative Store Bypass (SSB) (CVE-2018-3639)
- L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)
- Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
- Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
- Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
- Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
- TSX Asynchronous Abort (TAA) (CVE-2019-11135)
- Intel Branch History Injection (BHI) (CVE-2022-0001)
Solution
Apply vendor recommended settings.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
6.2 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.5
EPSS Score
0.9433
CVSS v2.0 Base Score
5.4 (CVSS2#AV:L/AC:M/Au:N/C:C/I:P/A:N)
CVSS v2.0 Temporal Score
4.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID 102371
BID 102378
BID 104232
BID 105080
BID 108330
CVE CVE-2017-5715
CVE CVE-2017-5753
CVE CVE-2017-5754
CVE CVE-2018-3615
CVE CVE-2018-3620
CVE CVE-2018-3639
CVE CVE-2018-3646
CVE CVE-2018-12126
CVE CVE-2018-12127
CVE CVE-2018-12130
CVE CVE-2019-11135
CVE CVE-2022-0001
XREF CEA-ID:CEA-2019-0547
XREF CEA-ID:CEA-2019-0324
Exploitable With
CANVAS (true) Core Impact (true)
Plugin Information
Published: 2019/12/18, Modified: 2026/01/09
Plugin Output

tcp/445/cifs

Current Settings:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: Not Set
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: Not Set

-----------------------------------

Recommended Settings 1:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00000048 (72)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading enabled.

-----------------------------------

Recommended Settings 2:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00002048 (8264)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading disabled.

-----------------------------------

Recommended Settings 3:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00802048 (8396872)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135, CVE-2022-0001
Note: Hyper-Threading disabled.

-----------------------------------

Recommended Settings 4:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00800048 (8388680)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135, CVE-2022-0001
Note: Hyper-Threading enabled.

249179 - 7-Zip < 25.01
Synopsis
The remote host is missing a security update.
Description
The version of 7-Zip installed on the remote host is prior to 25.01. It is, therefore, affected by a security bypass vulnerability. The code for handling symbolic links has been changed to provide greater security when extracting files from archives. Command line switch -snld20 can be used to bypass default security checks when creating symbolic links.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to 7-Zip version 25.01 or later.
Risk Factor
Low
CVSS v3.0 Base Score
3.6 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
VPR Score
2.4
EPSS Score
0.0001
CVSS v2.0 Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)
STIG Severity
I
References
CVE CVE-2025-55188
XREF IAVA:2025-A-0572
Plugin Information
Published: 2025/08/13, Modified: 2025/08/15
Plugin Output

tcp/445/cifs


Path : C:\Program Files\7-Zip
Installed version : 16.4.0.0
Fixed version : 25.01

10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host responds to ICMP timestamp requests. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
Low
VPR Score
2.2
EPSS Score
0.0037
CVSS v2.0 Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 1999/08/01, Modified: 2024/10/07
Plugin Output

icmp/0

This host returns non-standard timestamps (high bit is set)
The ICMP timestamps might be in little endian format (not in network format)
The difference between the local and remote clocks is 53845 seconds.

78447 - MS KB3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure (POODLE)
Synopsis
The remote host is affected by a remote information disclosure vulnerability.
Description
The remote host is missing one of the workarounds referenced in the Microsoft Security Advisory 3009008.

If the client registry key workaround has not been applied, any client software installed on the remote host (including IE) is affected by an information disclosure vulnerability when using SSL 3.0.

If the server registry key workaround has not been applied, any server software installed on the remote host (including IIS) is affected by an information disclosure vulnerability when using SSL 3.0.

SSL 3.0 uses nondeterministic CBC padding, which allows a man-in-the-middle attacker to decrypt portions of encrypted traffic using a 'padding oracle' attack. This is also known as the 'POODLE' issue.
Solution
Apply the client registry key workaround and the server registry key workaround suggested by Microsoft in the advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
3.4 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
3.1 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
5.1
EPSS Score
0.9373
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.5 (CVSS2#E:POC/RL:TF/RC:C)
References
BID 70574
CVE CVE-2014-3566
MSKB 3009008
XREF CERT:577193
Plugin Information
Published: 2014/10/15, Modified: 2023/06/23
Plugin Output

tcp/445/cifs


The workaround to disable SSL 3.0 for all server software installed on
the remote host has not been applied.

The workaround to disable SSL 3.0 for all client software installed on
the remote host has not been applied.

The following users on the remote host have vulnerable IE settings :

S-1-5-21-3331990163-568474530-1720004626-1000 (SSLv3 Enabled)

81267 - MS15-014: Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
Synopsis
The remote Windows host is affected by a security downgrade vulnerability.
Description
The version of Windows running on the remote host is affected by a security downgrade vulnerability that affects workstations and servers configured to use Group Policy. A man-in-the-middle attacker, via modified domain controller responses sent to targeted systems, can cause the policy file to become corrupted and unreadable, resulting in the Group Policy settings reverting to their default, potentially less secure, state.
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Low
VPR Score
4.4
EPSS Score
0.0042
CVSS v2.0 Base Score
3.3 (CVSS2#AV:A/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
2.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 72476
CVE CVE-2015-0009
MSKB 3004361
XREF CERT:787252
XREF MSFT:MS15-014
XREF IAVB:2015-B-0017
Plugin Information
Published: 2015/02/10, Modified: 2019/11/25
Plugin Output

tcp/445/cifs



KB : 3004361
- C:\Windows\system32\scesrv.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18686

81742 - MS15-028: Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)
Synopsis
The remote Windows host is affected by a security bypass vulnerability.
Description
The remote Windows host is affected by a security bypass vulnerability due to Windows Task Scheduler not properly validating and enforcing impersonation levels. Attackers can exploit this flaw to elevate privileges in order to execute files they have no permission to run.
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Low
VPR Score
3.6
EPSS Score
0.0048
CVSS v2.0 Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
1.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 72913
CVE CVE-2015-0084
MSKB 3030377
XREF MSFT:MS15-028
XREF IAVB:2015-B-0037
Plugin Information
Published: 2015/03/10, Modified: 2019/11/22
Plugin Output

tcp/445/cifs



KB : 3030377
- C:\Windows\system32\ubpm.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.18741

82777 - MS15-041: Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)
Synopsis
The version of the Microsoft .NET Framework installed on the remote host is affected by an information disclosure vulnerability.
Description
The remote Windows host has a version of the Microsoft .NET Framework installed that is affected by an information disclosure vulnerability due to improper handling of requests on web servers that have custom error messages disabled. A remote, unauthenticated attacker can exploit this issue, via a specially crafted web request, to elicit an error message containing information that was not intended to be accessible.
Solution
Microsoft has released a set of patches for .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and 4.5.2.
Risk Factor
Low
VPR Score
3.4
EPSS Score
0.3482
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
1.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
BID 74010
CVE CVE-2015-1648
MSKB 3037572
MSKB 3037573
MSKB 3037574
MSKB 3037575
MSKB 3037576
MSKB 3037577
MSKB 3037578
MSKB 3037579
MSKB 3037580
MSKB 3037581
XREF MSFT:MS15-041
XREF IAVA:2015-A-0089-S
Plugin Information
Published: 2015/04/14, Modified: 2020/05/15
Plugin Output

tcp/445/cifs



- C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll has not been patched.
Remote version : 2.0.50727.5420
Should be : 2.0.50727.5491

- C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll has not been patched.
Remote version : 4.0.30319.18408
Should be : 4.0.30319.34249

83363 - MS15-054: Vulnerability in Microsoft Management Console File Format Could Allow Denial of Service (3051768)
Synopsis
The remote Windows host is affected by a denial of service vulnerability.
Description
The remote Windows host is affected by a flaw due to a failure to properly validate a destination buffer when retrieving icon information from a specially crafted Microsoft Management Console (.msc) file. An unauthenticated, remote attacker, by tricking a victim into opening a malicious .msc file, can exploit this flaw to cause a denial of service.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
Low
VPR Score
3.6
EPSS Score
0.0064
CVSS v2.0 Base Score
1.9 (CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
1.4 (CVSS2#E:U/RL:OF/RC:C)
References
BID 74486
CVE CVE-2015-1681
MSKB 3051768
XREF MSFT:MS15-054
Plugin Information
Published: 2015/05/12, Modified: 2019/11/22
Plugin Output

tcp/445/cifs



KB : 3051768
None of the versions of 'comctl32.dll' under C:\Windows\WinSxS
have been patched.
Fixed version : 6.10.7601.18807

134204 - MS15-124: Cumulative Security Update for Internet Explorer (CVE-2015-6161) (3125869)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3125869 and/or a registry key to protect the host against CVE-2015-6161. It is, therefore, affected by a vulnerability in which Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka 'Microsoft Browser ASLR Bypass'.
An unauthenticated, remote attacker can exploit this issue by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.

A specific Fix to Run from Microsoft or a registry value must be added to enable the fix for CVE-2015-6161.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.

Refer to KB3125869 for additional information.
Risk Factor
Medium
CVSS v3.0 Base Score
3.1 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
3.0 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.1983
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:H/RL:OF/RC:C)
References
CVE CVE-2015-6161
MSKB 3125869
XREF MSFT:MS15-124
Plugin Information
Published: 2020/03/02, Modified: 2025/05/07
Plugin Output

tcp/445/cifs



KB : 3104002
- C:\Windows\system32\mshtml.dll has not been patched.
Remote version : 8.0.7601.17514
Should be : 8.0.7601.19058

The following registry key is missing.

This registry key is required to enable the fix for CVE-2015-6161:
HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\iexplore.exe

The following registry key is missing.

This registry key is required to enable the fix for CVE-2015-6161:
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\iexplore.exe

97736 - MS17-021: Security Update for Windows DirectShow (4010318)
Synopsis
The remote Windows host is affected by an information disclosure vulnerability.
Description
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in Windows DirectShow due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted media content, to disclose sensitive information.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.

Note that the Microsoft Bulletin contains contradictory information regarding the Windows 2012 Security Only Update and the Windows 2012 Monthly Rollup Update. These updates may not resolve the vulnerability. Please contact Microsoft for clarification if you are running Windows 2012.
Risk Factor
Low
CVSS v3.0 Base Score
3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
2.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
1.4
EPSS Score
0.1818
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
1.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
BID 96098
CVE CVE-2017-0042
MSKB 3214051
MSKB 4012212
MSKB 4012215
MSKB 4012213
MSKB 4012216
MSKB 4015548
MSKB 4015551
MSKB 4012606
MSKB 4013198
MSKB 4013429
XREF MSFT:MS17-021
XREF IAVB:2017-B-0031
Plugin Information
Published: 2017/03/15, Modified: 2025/12/30
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 4012212
- 4012215

- C:\Windows\System32\drivers\srv.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.23689

152020 - Oracle Java SE 1.7.0_311 / 1.8.0_301 / 1.11.0_12 / 1.16.0_2 Multiple Vulnerabilities (July 2021 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 301, 8 Update 291, 11 Update 11, or 16 Update 1. It is, therefore, affected by multiple vulnerabilities as referenced in the July 2021 CPU advisory:

- Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2021-2341)

- Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2021-2369)

- Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2021-2388)

- Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2021-2432)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the July 2021 Oracle Critical Patch Update advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v3.0 Temporal Score
3.5 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.006
CVSS v2.0 Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
4.2 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-2341
CVE CVE-2021-2369
CVE CVE-2021-2388
CVE CVE-2021-2432
XREF IAVA:2021-A-0327-S
Plugin Information
Published: 2021/07/23, Modified: 2025/05/28
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.301 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.301 or greater
121231 - Oracle Java SE 1.7.x < 1.7.0_211 / 1.8.x < 1.8.0_201 / 1.11.x < 1.11.0_2 Multiple Vulnerabilities (January 2019 CPU)
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 211, 8 Update 201, 11 Update 2. It is, therefore, affected by multiple vulnerabilities related to the following components :

- An issue in libjpeg 9a, a divide-by-zero error, could allow remote attackers to cause a denial of service condition via a crafted file. (CVE-2018-11212)

- An unspecified vulnerability in Oracle Java SE in the Networking subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2426)

- An unspecified vulnerability in Oracle Java SE in the Deployment subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2449)

- An unspecified vulnerability in Oracle Java SE in the Libraries subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2422)

Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Oracle JDK / JRE 11 Update 2, 8 Update 201 / 7 Update 211 or later. If necessary, remove any affected versions.
Risk Factor
Medium
CVSS v3.0 Base Score
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v3.0 Temporal Score
3.4 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0346
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
3.4 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 106583
BID 106590
BID 106596
BID 106597
CVE CVE-2018-11212
CVE CVE-2019-2422
CVE CVE-2019-2426
CVE CVE-2019-2449
Plugin Information
Published: 2019/01/17, Modified: 2024/12/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.201 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.201 or greater
183295 - Oracle Java SE Multiple Vulnerabilities (October 2023 CPU)
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory:

- Vulnerability in Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. (CVE-2023-22067)

- Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. (CVE-2023-22081)

- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. (CVE-2023-22025)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply the appropriate patch according to the October 2023 Oracle Critical Patch Update advisory.
Risk Factor
Medium
CVSS v3.0 Base Score
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
3.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
2.2
EPSS Score
0.0018
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-22067
CVE CVE-2023-22081
CVE CVE-2023-22025
XREF IAVA:2023-A-0561
Plugin Information
Published: 2023/10/18, Modified: 2025/06/13
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.391 or greater

tcp/445/cifs


Path : C:\Program Files\Java\jre1.8.0_141\
Installed version : 8.0.141.15 / build 8.0.141
Fixed version : Upgrade to version 8.0.391 or greater

70658 - SSH Server CBC Mode Ciphers Enabled
Synopsis
The SSH server is configured to use Cipher Block Chaining.
Description
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.

Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Solution
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
Risk Factor
Low
CVSS v3.0 Base Score
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
VPR Score
1.4
EPSS Score
0.0307
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
1.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 32319
CVE CVE-2008-5161
XREF CERT:958563
XREF CWE:200
Plugin Information
Published: 2013/10/28, Modified: 2026/01/12
Plugin Output

tcp/49236/ssh


The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :

aes128-cbc,aes128-ctr,3des-cbc,blowfish-cbc

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :

aes128-cbc,aes128-ctr,3des-cbc,blowfish-cbc
153953 - SSH Weak Key Exchange Algorithms Enabled
Synopsis
The remote SSH server is configured to allow weak key exchange algorithms.
Description
The remote SSH server is configured to allow key exchange algorithms which are considered weak.

This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) RFC9142. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:

diffie-hellman-group-exchange-sha1

diffie-hellman-group1-sha1

gss-gex-sha1-*

gss-group1-sha1-*

gss-group14-sha1-*

rsa1024-sha1

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
See Also
Solution
Contact the vendor or consult product documentation to disable the weak algorithms.
Risk Factor
Low
CVSS v3.0 Base Score
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2021/10/13, Modified: 2026/01/12
Plugin Output

tcp/49236/ssh


The following weak key exchange algorithms are enabled :

diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
71049 - SSH Weak MAC Algorithms Enabled
Synopsis
The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.
Description
The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Solution
Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.
Risk Factor
Low
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2013/11/22, Modified: 2026/01/12
Plugin Output

tcp/49236/ssh


The following client-to-server Message Authentication Code (MAC) algorithms
are supported :

hmac-md5,hmac-sha1,hmac-md5-96,hmac-sha1-96

The following server-to-client Message Authentication Code (MAC) algorithms
are supported :

hmac-md5,hmac-sha1,hmac-md5-96,hmac-sha1-96

83875 - SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
Synopsis
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits.
Description
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
See Also
Solution
Reconfigure the service to use unique Diffie-Hellman moduli of 2048 bits or greater.
Risk Factor
Low
CVSS v3.0 Base Score
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
3.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.9
EPSS Score
0.939
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
1.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 74733
CVE CVE-2015-4000
XREF CEA-ID:CEA-2021-0004
Plugin Information
Published: 2015/05/28, Modified: 2025/12/15
Plugin Output

tcp/4848


Vulnerable connection combinations :

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

83875 - SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
Synopsis
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits.
Description
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
See Also
Solution
Reconfigure the service to use unique Diffie-Hellman moduli of 2048 bits or greater.
Risk Factor
Low
CVSS v3.0 Base Score
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
3.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.9
EPSS Score
0.939
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
1.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 74733
CVE CVE-2015-4000
XREF CEA-ID:CEA-2021-0004
Plugin Information
Published: 2015/05/28, Modified: 2025/12/15
Plugin Output

tcp/8181


Vulnerable connection combinations :

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

83875 - SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
Synopsis
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits.
Description
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
See Also
Solution
Reconfigure the service to use unique Diffie-Hellman moduli of 2048 bits or greater.
Risk Factor
Low
CVSS v3.0 Base Score
3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
3.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.9
EPSS Score
0.939
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
1.9 (CVSS2#E:U/RL:OF/RC:C)
References
BID 74733
CVE CVE-2015-4000
XREF CEA-ID:CEA-2021-0004
Plugin Information
Published: 2015/05/28, Modified: 2025/12/15
Plugin Output

tcp/8383/www


Vulnerable connection combinations :

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

30218 - Terminal Services Encryption Level is not FIPS-140 Compliant
Synopsis
The remote host is not FIPS-140 compliant.
Description
The encryption setting used by the remote Terminal Services service is not FIPS-140 compliant.
Solution
Change RDP encryption level to :

4. FIPS Compliant
Risk Factor
Low
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2008/02/11, Modified: 2026/01/05
Plugin Output

tcp/3389/msrdp


The terminal services encryption level is set to :

2. Medium (Client Compatible)

91231 - 7-Zip Installed
Synopsis
A compression utility is installed on the remote Windows host.
Description
7-Zip, a compressed archive manager, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0734
Plugin Information
Published: 2016/05/19, Modified: 2026/01/07
Plugin Output

tcp/445/cifs


Path : C:\Program Files\7-Zip
Version : 16.4.0.0

46180 - Additional DNS Hostnames
Synopsis
Nessus has detected potential virtual hosts.
Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.

Different web servers may be hosted on name-based virtual hosts.
See Also
Solution
If you want to test them, re-scan using the special vhost syntax, such as :

www.example.com[192.0.32.10]
Risk Factor
None
Plugin Information
Published: 2010/04/29, Modified: 2022/08/15
Plugin Output

tcp/0

The following hostnames point to the remote host :
- vagrant-2008r2

48204 - Apache HTTP Server Version
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0530
Plugin Information
Published: 2010/07/30, Modified: 2026/01/22
Plugin Output

tcp/8020/www


URL : http://192.168.122.168:8020/
Version : unknown
Source : Server: Apache
backported : 0

48204 - Apache HTTP Server Version
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0530
Plugin Information
Published: 2010/07/30, Modified: 2026/01/22
Plugin Output

tcp/8383/www


URL : https://192.168.122.168:8383/
Version : unknown
Source : Server: Apache
backported : 0

48204 - Apache HTTP Server Version
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0530
Plugin Information
Published: 2010/07/30, Modified: 2026/01/22
Plugin Output

tcp/8585/www


URL : http://192.168.122.168:8585/
Version : 2.2.21
Source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2
backported : 0
modules : PHP/5.3.10 DAV/2
os : Win64

156001 - Apache Log4j JAR Detection (Windows)
Synopsis
Apache Log4j is installed on the remote Windows host.
Description
One or more instances of Apache Log4j, a logging API, are installed on the remote Windows Host.

- PowerShell version 5 or greater is required for this plugin.

- If the 'Perform thorough tests' setting is enabled, this plugin will inspect the manifest and properties files of the detected Java archive files.

- The plugin timeout can be set to a custom value other than the plugin's default of 60 minutes via the 'timeout.156001' scanner setting in Nessus 8.15.1 or later.

Please see https://docs.tenable.com/nessus/Content/SettingsAdvanced.htm#Custom for more information.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVA:0001-A-0650
XREF IAVT:0001-T-0941
Plugin Information
Published: 2021/12/10, Modified: 2026/01/20
Plugin Output

tcp/0


Nessus detected 6 installs of Apache Log4j:

Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\axis2.war
Version : 1.2.15
JMSAppender.class association : Found
JdbcAppender.class association : Found
JndiLookup.class association : Not Found
Library : WEB-INF/lib/log4j-1.2.15.jar
Method : log4j-core dependency search

Path : C:\Program Files\elasticsearch-1.1.1\lib\log4j-1.2.17.jar
Version : 1.2.17
JMSAppender.class association : Found
JdbcAppender.class association : Found
JndiLookup.class association : Not Found
Method : log4j-core file search

Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\axis2\WEB-INF\lib\log4j-1.2.15.jar
Version : 1.2.15
JMSAppender.class association : Found
JdbcAppender.class association : Found
JndiLookup.class association : Not Found
Method : log4j-core file search

Path : C:\ManageEngine\DesktopCentral_Server\lib\log4j-1.2.15.jar
Version : 1.2.15
JMSAppender.class association : Found
JdbcAppender.class association : Found
JndiLookup.class association : Not Found
Method : log4j-core file search

Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase.war
Version : 1.2.17
JMSAppender.class association : Found
JdbcAppender.class association : Found
JndiLookup.class association : Not Found
Library : WEB-INF/lib/log4j-1.2.17.jar
Method : log4j-core dependency search

Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\log4j-1.2.17.jar
Version : 1.2.17
JMSAppender.class association : Found
JdbcAppender.class association : Found
JndiLookup.class association : Not Found
Method : log4j-core file search

2021 Jar files successfully inspected.

73943 - Apache Struts Detection for Windows
Synopsis
The remote host contains a web application that uses a Java framework.
Description
The remote Windows host contains one or more web applications built with Apache Struts, a Java-based framework.

Note: Thorough tests must be enabled to find all Apache Struts instances.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0534
Plugin Information
Published: 2014/05/09, Modified: 2026/01/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\webapps\struts2-rest-showcase\WEB-INF\lib\struts2-core-2.3.20.1.jar
Version : 2.3.20.1
Application Name : struts2-rest-showcase

39446 - Apache Tomcat Detection
Synopsis
The remote web server is an Apache Tomcat server.
Description
Nessus was able to detect a remote Apache Tomcat web server.

NOTE: When paranoia levels are elevated, this plugin will also consider versions obtained from responses with non-200 HTTP status codes.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0535
Plugin Information
Published: 2009/06/18, Modified: 2026/01/22
Plugin Output

tcp/8022/www


URL : http://192.168.122.168:8022/
Version : unknown

92415 - Application Compatibility Cache
Synopsis
Nessus was able to gather application compatibility settings on the remote host.
Description
Nessus was able to generate a report on the application compatibility cache on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

Application compatibility cache report attached.
34097 - BIOS Info (SMB)
Synopsis
BIOS info could be read.
Description
It is possible to get information about the BIOS via the host's SMB interface.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/08, Modified: 2024/06/11
Plugin Output

tcp/0


Version : Arch Linux 1.17.0-2-2
Release date : 20140401000000.000000+000
Secure boot : disabled
34096 - BIOS Info (WMI)
Synopsis
The BIOS info could be read.
Description
It is possible to get information about the BIOS via the host's WMI interface.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/05, Modified: 2026/01/20
Plugin Output

tcp/0


Vendor : SeaBIOS
Version : Arch Linux 1.17.0-2-2
Release date : 20140401000000.000000+000
UUID : 9CA33F65-3A4A-4D51-BB7C-B8B58B0F12AC
Secure boot : disabled
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2026/01/05
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_server_2008:r2:sp1:~~standard~~x64~ -> Microsoft Windows Server 2008

Following application CPE's matched on the remote system :

cpe:/a:7-zip:7-zip:16.4.0.0 -> 7-Zip -
cpe:/a:apache:http_server -> Apache Software Foundation Apache HTTP Server
cpe:/a:apache:http_server:2.2.21 -> Apache Software Foundation Apache HTTP Server
cpe:/a:apache:log4j:1.2.15 -> Apache Software Foundation log4j
cpe:/a:apache:log4j:1.2.17 -> Apache Software Foundation log4j
cpe:/a:apache:struts:2.3.20.1 -> Apache Software Foundation Struts
cpe:/a:apache:tomcat -> Apache Software Foundation Tomcat
cpe:/a:elasticsearch:elasticsearch:1.1.1 -> Elasticsearch
cpe:/a:microsoft:.net_framework:2.0.50727 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:4.5.1 -> Microsoft .NET Framework
cpe:/a:microsoft:ie:8.0.7601.17514 -> Microsoft Internet Explorer
cpe:/a:microsoft:internet_explorer:8.0.7601.17514 -> Microsoft Internet Explorer
cpe:/a:microsoft:remote_desktop_connection:6.1.7601.17514 -> Microsoft Remote Desktop Connection
cpe:/a:mysql:mysql -> MySQL MySQL
cpe:/a:oracle:glassfish_server:4.0 -> Oracle GlassFish Server v
cpe:/a:oracle:jre:8.0.141 -> Oracle JRE
cpe:/a:oracle:jre:8.0.141.15 -> Oracle JRE
cpe:/a:oracle:mysql:5.5.20.0 -> Oracle MySQL -
cpe:/a:php:php:5.3.10 -> PHP PHP
cpe:/a:zohocorp:manageengine_desktop_central:9 -> ZohoCorp ManageEngine Desktop Central
cpe:/a:zohocorp:manageengine_endpoint_central:9.1.0
24270 - Computer Manufacturer Information (WMI)
Synopsis
It is possible to obtain the name of the remote computer manufacturer.
Description
By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/02, Modified: 2026/01/20
Plugin Output

tcp/0


Computer Manufacturer : QEMU
Computer Model : Standard PC (i440FX + PIIX, 1996)
Computer Type : Other

Computer Physical CPU's : 2
Computer Logical CPU's : 2
CPU0
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU1
Architecture : x64
Physical Cores: 1
Logical Cores : 1

Computer Memory : 4095 MB

Form Factor: DIMM
Type : RAM
Capacity : 4096 MB

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/135/epmap


The following DCERPC services are available locally :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0465D0

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0465D0

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-b207305985215ea67e

Object UUID : 52ef130c-08fd-4388-86b3-6edf00000001
UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Description : Unknown RPC service
Annotation : Secure Desktop LRPC interface
Type : Local RPC service
Named pipe : WMsgKRpc046DF1

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc046DF1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Local RPC service
Named pipe : LRPC-f072b1279dc7d5751d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LRPC-52edfbab0ca86aa79d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : dsrole

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Annotation : Spooler base remote object endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-21645c008cd02c4066

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-21645c008cd02c4066

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-21645c008cd02c4066

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : OLE12E315F9F7D247B188B871222159

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-f47d48f49577bf1d29

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : OLE12E315F9F7D247B188B871222159

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-f47d48f49577bf1d29

Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLE6C599544027E4E1D92C8FD8F7B7A

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE6C599544027E4E1D92C8FD8F7B7A

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE6C599544027E4E1D92C8FD8F7B7A

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE6C599544027E4E1D92C8FD8F7B7A

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE6C599544027E4E1D92C8FD8F7B7A

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : OLE6C599544027E4E1D92C8FD8F7B7A

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : OLE6C599544027E4E1D92C8FD8F7B7A

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : OLE6C599544027E4E1D92C8FD8F7B7A

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLE6C599544027E4E1D92C8FD8F7B7A

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE6C599544027E4E1D92C8FD8F7B7A

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/445/cifs


The following DCERPC services are available remotely :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\VAGRANT-2008R2

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\VAGRANT-2008R2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\VAGRANT-2008R2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\VAGRANT-2008R2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\VAGRANT-2008R2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\VAGRANT-2008R2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\VAGRANT-2008R2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\VAGRANT-2008R2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\VAGRANT-2008R2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\VAGRANT-2008R2

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\VAGRANT-2008R2

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\VAGRANT-2008R2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\VAGRANT-2008R2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\VAGRANT-2008R2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\VAGRANT-2008R2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\VAGRANT-2008R2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\VAGRANT-2008R2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\VAGRANT-2008R2

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49152/dce-rpc


The following DCERPC services are available on TCP port 49152 :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49152
IP : 192.168.122.168

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49153/dce-rpc


The following DCERPC services are available on TCP port 49153 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.122.168

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.122.168

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.122.168

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.122.168

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49154/dce-rpc


The following DCERPC services are available on TCP port 49154 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.122.168

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.122.168

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.122.168

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.122.168

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.122.168

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.122.168

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49175/dce-rpc


The following DCERPC services are available on TCP port 49175 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49175
IP : 192.168.122.168

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49178/dce-rpc


The following DCERPC services are available on TCP port 49178 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
Windows process : svchost.exe
Type : Remote RPC service
TCP Port : 49178
IP : 192.168.122.168

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49205/dce-rpc


The following DCERPC services are available on TCP port 49205 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service
Annotation : Remote Fw APIs
Type : Remote RPC service
TCP Port : 49205
IP : 192.168.122.168

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Remote RPC service
TCP Port : 49205
IP : 192.168.122.168

139785 - DISM Package List (Windows)
Synopsis
Use DISM to extract package info from the host.
Description
Using the Deployment Image Servicing Management tool, this plugin enumerates installed packages.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2020/08/25, Modified: 2026/01/20
Plugin Output

tcp/445/cifs

The following packages were enumerated using the Deployment Image Servicing and Management Tool:

Package : Microsoft-Windows-CodecPack-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514
State : Staged
Release Type : Feature Pack
Install Time :

Package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514
State : Installed
Release Type : Foundation
Install Time : 11/21/2010 3:41 AM

Package : Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~en-US~8.0.7601.17514
State : Installed
Release Type : Language Pack
Install Time : 11/21/2010 3:41 AM

Package : Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~8.0.7601.17514
State : Installed
Release Type : Feature Pack
Install Time : 11/21/2010 3:41 AM

Package : Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514
State : Installed
Release Type : Language Pack
Install Time : 8/7/2017 2:15 AM

Package : Microsoft-Windows-Server-Refresh-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514
State : Installed
Release Type : Language Pack
Install Time : 8/7/2017 2:15 AM

Package : Microsoft-Windows-WinMan-WinIP-Package-TopLevel~31bf3856ad364e35~amd64~~7.3.7601.1023
State : Installed
Release Type : Update
Install Time : 8/7/2017 12:23 AM

Package : Microsoft-Windows-WLMS-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514
State : Installed
Release Type : Language Pack
Install Time : 8/7/2017 2:15 AM

Package : Microsoft-Windows-WLMS-Package~31bf3856ad364e35~amd64~~6.1.7601.17514
State : Installed
Release Type : Feature Pack
Install Time : 8/7/2017 2:15 AM

Package : Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514
State : Installed
Release Type : Update
Install Time : 11/21/2010 3:01 AM

Package : WIN8IP-Microsoft-Windows-WMI-Providers~31bf3856ad364e35~amd64~en-US~7.3.7601.1023
State : Installed
Release Type : Language Pack
Install Time : 8/7/2017 12:23 AM

Package : WIN8IP-Microsoft-Windows-WMI-Providers~31bf3856ad364e35~amd64~~7.3.7601.1023
State : Installed
Release Type : Feature Pack
Install Time : 8/7/2017 12:23 AM

55472 - Device Hostname
Synopsis
It was possible to determine the remote system hostname.
Description
This plugin reports a device's hostname collected via SSH or WMI.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/06/30, Modified: 2026/02/03
Plugin Output

tcp/0


Hostname : VAGRANT-2008R2
VAGRANT-2008R2 (WMI)
54615 - Device Type
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (e.g., a printer, router, general-purpose computer, etc.).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2025/03/12
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 100

109941 - Elasticsearch Detection
Synopsis
The remote web server is running a distributed search engine.
Description
The remote host is running Elasticsearch, a distributed search engine service written in Java and possibly a security extension called X-Pack.

Note that HTTP Basic/Digest credentials may be required to retrieve version information.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2018/05/21, Modified: 2026/01/19
Plugin Output

tcp/9200/elasticsearch


URL : http://192.168.122.168:9200/
Version : 1.1.1

71246 - Enumerate Local Group Memberships
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Description
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.

Note: Unable to query local Domain Controllers during Agent scans.
Rendering Group data obtained by plugin 171956.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/12/06, Modified: 2026/01/20
Plugin Output

tcp/0

Group Name : Administrators
Host Name : VAGRANT-2008R2
Group SID : S-1-5-32-544
Members :
Name : Administrator
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-500
Name : vagrant
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1000
Name : sshd_server
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1002

Group Name : Backup Operators
Host Name : VAGRANT-2008R2
Group SID : S-1-5-32-551
Members :
Name : leia_organa
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1004

Group Name : Certificate Service DCOM Access
Host Name : VAGRANT-2008R2
Group SID : S-1-5-32-574
Members :
Name : luke_skywalker
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1005

Group Name : Cryptographic Operators
Host Name : VAGRANT-2008R2
Group SID : S-1-5-32-569
Members :
Name : han_solo
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1006

Group Name : Distributed COM Users
Host Name : VAGRANT-2008R2
Group SID : S-1-5-32-562
Members :
Name : artoo_detoo
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1007

Group Name : Event Log Readers
Host Name : VAGRANT-2008R2
Group SID : S-1-5-32-573
Members :
Name : c_three_pio
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1008

Group Name : Guests
Host Name : VAGRANT-2008R2
Group SID : S-1-5-32-546
Members :
Name : Guest
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-501
Name : ben_kenobi
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1009

Group Name : IIS_IUSRS
Host Name : VAGRANT-2008R2
Group SID : S-1-5-32-568
Members :
Name : IUSR
Domain : VAGRANT-2008R2
Class : Win32_SystemAccount
SID : S-1-5-17
Name : darth_vader
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1010

Group Name : Network Configuration Operators
Host Name : VAGRANT-2008R2
Group SID : S-1-5-32-556
Members :
Name : anakin_skywalker
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1011

Group Name : Performance Log Users
Host Name : VAGRANT-2008R2
Group SID : S-1-5-32-559
Members :
Name : jarjar_binks
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1012

Group Name : Performance Monitor Users
Host Name : VAGRANT-2008R2
Group SID : S-1-5-32-558
Members :
Name : lando_calrissian
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1013

Group Name : Power Users
Host Name : VAGRANT-2008R2
Group SID : S-1-5-32-547
Members :
Name : boba_fett
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1014

Group Name : Print Operators
Host Name : VAGRANT-2008R2
Group SID : S-1-5-32-550
Members :
Name : jabba_hutt
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1015

Group Name : Remote Desktop Users
Host Name : VAGRANT-2008R2
Group SID : S-1-5-32-555
Members :
Name : greedo
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1016

Group Name : Replicator
Host Name : VAGRANT-2008R2
Group SID : S-1-5-32-552
Members :
Name : chewbacca
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1017

Group Name : Users
Host Name : VAGRANT-2008R2
Group SID : S-1-5-32-545
Members :
Name : INTERACTIVE
Domain : VAGRANT-2008R2
Class : Win32_SystemAccount
SID : S-1-5-4
Name : Authenticated Users
Domain : VAGRANT-2008R2
Class : Win32_SystemAccount
SID : S-1-5-11
Name : vagrant
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1000
Name : sshd
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1001
Name : sshd_server
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1002
Name : leia_organa
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1004
Name : luke_skywalker
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1005
Name : han_solo
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1006
Name : artoo_detoo
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1007
Name : c_three_pio
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1008
Name : ben_kenobi
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1009
Name : darth_vader
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1010
Name : anakin_skywalker
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1011
Name : jarjar_binks
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1012
Name : lando_calrissian
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1013
Name : boba_fett
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1014
Name : jabba_hutt
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1015
Name : greedo
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1016
Name : chewbacca
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1017
Name : kylo_ren
Domain : VAGRANT-2008R2
Class : Win32_UserAccount
SID : S-1-5-21-3331990163-568474530-1720004626-1018

Group Name : WinRMRemoteWMIUsers__
Host Name : VAGRANT-2008R2
Group SID : S-1-5-21-3331990163-568474530-1720004626-1003
Members :
72684 - Enumerate Users via WMI
-
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of users using WMI.
Description
Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. Only identities that the authenticated SMB user has permissions to view will be retrieved by this plugin.

Note: Unable to query local Domain Controllers during Agent scans.
Rendering User data obtained by plugin 171956.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2014/02/25, Modified: 2026/01/20
Plugin Output

tcp/0


Name : Administrator
SID : S-1-5-21-3331990163-568474530-1720004626-500
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : anakin_skywalker
SID : S-1-5-21-3331990163-568474530-1720004626-1011
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : artoo_detoo
SID : S-1-5-21-3331990163-568474530-1720004626-1007
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : ben_kenobi
SID : S-1-5-21-3331990163-568474530-1720004626-1009
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : boba_fett
SID : S-1-5-21-3331990163-568474530-1720004626-1014
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : chewbacca
SID : S-1-5-21-3331990163-568474530-1720004626-1017
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : c_three_pio
SID : S-1-5-21-3331990163-568474530-1720004626-1008
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : darth_vader
SID : S-1-5-21-3331990163-568474530-1720004626-1010
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : greedo
SID : S-1-5-21-3331990163-568474530-1720004626-1016
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : Guest
SID : S-1-5-21-3331990163-568474530-1720004626-501
Disabled : True
Lockout : False
Change password : False
Source : Local

Name : han_solo
SID : S-1-5-21-3331990163-568474530-1720004626-1006
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : jabba_hutt
SID : S-1-5-21-3331990163-568474530-1720004626-1015
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : jarjar_binks
SID : S-1-5-21-3331990163-568474530-1720004626-1012
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : kylo_ren
SID : S-1-5-21-3331990163-568474530-1720004626-1018
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : lando_calrissian
SID : S-1-5-21-3331990163-568474530-1720004626-1013
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : leia_organa
SID : S-1-5-21-3331990163-568474530-1720004626-1004
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : luke_skywalker
SID : S-1-5-21-3331990163-568474530-1720004626-1005
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : sshd
SID : S-1-5-21-3331990163-568474530-1720004626-1001
Disabled : True
Lockout : False
Change password : True
Source : Local

Name : sshd_server
SID : S-1-5-21-3331990163-568474530-1720004626-1002
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : vagrant
SID : S-1-5-21-3331990163-568474530-1720004626-1000
Disabled : False
Lockout : False
Change password : True
Source : Local

No. Of Users : 20
168980 - Enumerate the PATH Variables
-
Synopsis
Enumerates the PATH variable of the current scan user.
Description
Enumerates the PATH variables of the current scan user.
Solution
Ensure that directories listed here are in line with corporate policy.
Risk Factor
None
Plugin Information
Published: 2022/12/21, Modified: 2026/02/03
Plugin Output

tcp/0

Nessus has enumerated the path of the current scan user :

C:\tools\ruby23\bin
C:\ProgramData\Oracle\Java\javapath
C:\ProgramData\Boxstarter
C:\Windows\system32
C:\Windows
C:\Windows\System32\Wbem
C:\Windows\System32\WindowsPowerShell\v1.0\
C:\Program Files\OpenSSH\bin
C:\Windows\System32\WindowsPowerShell\v1.0\
C:\ProgramData\chocolatey\bin
C:\Program Files\Java\jdk1.8.0_144\bin
86420 - Ethernet MAC Addresses
-
Synopsis
This plugin gathers MAC addresses from various sources and consolidates them into a list.
Description
This plugin gathers MAC addresses discovered from both remote probing of the host (e.g. SNMP and Netbios) and from running local checks (e.g. ifconfig). It then consolidates the MAC addresses into a single, unique, and uniform list.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/10/16, Modified: 2025/06/10
Plugin Output

tcp/0

The following is a consolidated list of detected MAC addresses:
- 52:54:00:64:7E:B3

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2024/08/09
Plugin Output

tcp/8383/www


HTTP/1.1 200 OK

Date: Thu, 12 Feb 2026 04:35:06 GMT
Server: Apache
Accept-Ranges: bytes
ETag: W/"107-1444224756000"
Last-Modified: Wed, 07 Oct 2015 13:32:36 GMT
Content-Length: 107
X-dc-header: yes
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

43111 - HTTP Methods Allowed (per directory)
-
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

The following HTTP methods are considered insecure:
PUT, DELETE, CONNECT, TRACE, HEAD

Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/12/10, Modified: 2022/04/11
Plugin Output

tcp/8020/www

Based on the response to an OPTIONS request :

- HTTP methods DELETE HEAD OPTIONS POST PUT GET
are allowed on :

/

43111 - HTTP Methods Allowed (per directory)
-
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

The following HTTP methods are considered insecure:
PUT, DELETE, CONNECT, TRACE, HEAD

Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/12/10, Modified: 2022/04/11
Plugin Output

tcp/8022/www

Based on the response to an OPTIONS request :

- HTTP methods DELETE HEAD OPTIONS POST PUT GET
are allowed on :

/

43111 - HTTP Methods Allowed (per directory)
-
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

The following HTTP methods are considered insecure:
PUT, DELETE, CONNECT, TRACE, HEAD

Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/12/10, Modified: 2022/04/11
Plugin Output

tcp/8080/www

Based on the response to an OPTIONS request :

- HTTP methods DELETE HEAD OPTIONS POST PUT TRACE GET
are allowed on :

/

43111 - HTTP Methods Allowed (per directory)
-
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

The following HTTP methods are considered insecure:
PUT, DELETE, CONNECT, TRACE, HEAD

Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/12/10, Modified: 2022/04/11
Plugin Output

tcp/8383/www

Based on the response to an OPTIONS request :

- HTTP methods DELETE HEAD OPTIONS POST PUT GET
are allowed on :

/

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/3000/www

The remote web server type is :

WEBrick/1.3.1 (Ruby/2.3.3/2016-11-21)

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/5985/www

The remote web server type is :

Microsoft-HTTPAPI/2.0

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/8020/www

The remote web server type is :

Apache

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/8022/www

The remote web server type is :

Apache-Coyote/1.1

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/8080/www

The remote web server type is :

GlassFish Server Open Source Edition 4.0

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/8383/www

The remote web server type is :

Apache

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/8484/www

The remote web server type is :

Jetty(winstone-2.8)

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/8585/www

The remote web server type is :

Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/47001/www

The remote web server type is :

Microsoft-HTTPAPI/2.0

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/3000/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : yes
Options allowed : GET,HEAD,POST,OPTIONS
Headers :

X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Etag: "9fdff472a0cc0802ae8009cd2322f2da"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: b10e9ed2-ec2e-4502-acde-b9af7eb00910
X-Runtime: 0.000000
Server: WEBrick/1.3.1 (Ruby/2.3.3/2016-11-21)
Date: Thu, 12 Feb 2026 04:40:00 GMT
Content-Length: 14846
Connection: Keep-Alive

Response Body :

<!DOCTYPE html>
<html>
<head>
<title>Ruby on Rails: Welcome aboard</title>
<style media="screen">
body {
margin: 0;
margin-bottom: 25px;
padding: 0;
background-color: #f0f0f0;
font-family: "Lucida Grande", "Bitstream Vera Sans", "Verdana";
font-size: 13px;
color: #333;
}

h1 {
font-size: 28px;
color: #000;
}

a {color: #03c}
a:hover {
background-color: #03c;
color: white;
text-decoration: none;
}


#page {
background-color: #f0f0f0;
width: 750px;
margin: 0;
margin-left: auto;
margin-right: auto;
}

#content {
float: left;
background-color: white;
border: 3px solid #aaa;
border-top: none;
padding: 25px;
width: 500px;
}

#sidebar {
float: right;
width: 175px;
}

#footer {
clear: both;
}

#header, #about, #getting-started {
padding-left: 75px;
padding-right: 30px;
}


#header {
background-repeat: no-repeat;
background-position: top left;
height: 64px;
}
#header h1, #header h2 {margin: 0}
#header h2 {
color: #888;
font-weight: normal;
font-size: 16px;
}


#about h3 {
margin: 0;
margin-bottom: 10px;
font-size: 14px;
}

#about-content {
background-color: #ffd;
border: 1px solid #fc0;
margin-left: -55px;
margin-right: -10px;
}
#about-content table {
margin-top: 10px;
margin-bottom: 10px;
font-size: 11px;
border-collapse: collapse;
}
#about-content td {
padding: 10px;
padding-top: 3px;
padding-bottom: 3px;
}
#about-content td.name {color: #555}
#about-content td.value {color: #000}

#about-content ul {
padding: 0;
list-style-type: none;
}

#about-content.failure {
background-color: #fcc;
border: 1px solid #f00;
}
#about-content.failure p {
margin: 0;
padding: 10px;
}


#getting-started {
border-top: 1px solid #ccc;
margin-top: 25px;
padding-top: 15px;
}
#getting-started h1 {
margin: 0;
font-size: 20px;
}
#getting-started h2 {
margin: 0;
font-size: 14px;
font-weight: normal;
color: #333;
margin-bottom: 25px;
}
#getting-started ol {
margin-left: 0;
padding-left: 0;
}
#getting-started li {
font-size: 18px;
color: #888;
margin-bottom: 25px;
}
#getting-started li h2 {
margin: 0;
font-weight: normal;
font-size: 18px;
color: #333;
}
#getting-started li p {
color: #555;
font-size: 13px;
}


#sidebar ul {
margin-left: 0;
padding-left: 0;
}
#sidebar ul h3 {
margin-top: 25px;
font-size: 16px;
padding-bottom: 10px;
border-bottom: 1px solid #ccc;
}
#sidebar li {
list-style-type: none;
}
#sidebar ul.links li {
margin-bottom: 5px;
}

.filename {
font-style: italic;
}
</style>
<script>
function about() {
var info = document.getElementById('about-content'),
xhr;

if (info.innerHTML === '') {
xhr = new XMLHttpRequest();
xhr.open("GET", "/rails/info/properties", false);
xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
xhr.send("");
info.innerHTML = xhr.responseText;
}

info.style.display = info.style.display === 'none' ? 'block' : 'none';
}
</script>
</head>
<body>
<div id="page">
<div id="sidebar">
<ul id="sidebar-items">
<li>
<h3>Browse the documentation</h3>
<ul class="links">
<li><a href="http://guides.rubyonrails.org/">Rails Guides</a></li>
<li><a href="http://api.rubyonrails.org/">Rails API</a></li>
<li><a href="http://www.ruby-doc.org/core/">Ruby core</a></li>
<li><a href="http://www.ruby-doc.org/stdlib/">Ruby standard library</a></li>
</ul>
</li>
</ul>
</div>

<div id="content">
<div id="header">
<h1>Welcome aboard</h1>
<h2>You&rsquo;re riding Ruby on Rails!</h2>
</div>

<div id="about">
<h3><a href="/rails/info/properties" onclick="about(); return false">About your application&rsquo;s environment</a></h3>
<div id="about-content" style="display: none"></div>
</div>

<div id="getting-started">
<h1>Getting started</h1>
<h2>Here&rsquo;s how to get rolling:</h2>

<ol>
<li>
<h2>Use <code>rails generate</code> to create your models and controllers</h2>
<p>To see all available options, run it without parameters.</p>
</li>

<li>
<h2>Set up a root route to replace this page</h2>
<p>You're seeing this page because you're running in development mode and you haven't set a root route yet.</p>
<p>Routes are set up in <span class="filename">config/routes.rb</span>.</p>
</li>

<li>
<h2>Configure your database</h2>
<p>If you're not using SQLite (the default), edit <span class="filename">config/database.yml</span> with your username and password.</p>
</li>
</ol>
</div>
</div>

<div id="footer">&nbsp;</div>
</div>
</body>
</html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/5985/www


Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 12 Feb 2026 04:39:59 GMT
Connection: close
Content-Length: 315

Response Body :

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/8020/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 12 Feb 2026 04:40:08 GMT
Server: Apache
Accept-Ranges: bytes
ETag: W/"107-1444224756000"
Last-Modified: Wed, 07 Oct 2015 13:32:36 GMT
Content-Length: 107
X-dc-header: yes
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8

Response Body :

<!-- $Id$ -->
<html>
<head>
<META HTTP-EQUIV=Refresh CONTENT="0; URL=./configurations.do">
</head>
</html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/8022/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : GET, HEAD, POST, PUT, DELETE, OPTIONS
Headers :

Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"107-1444224756000"
Last-Modified: Wed, 07 Oct 2015 13:32:36 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 107
Date: Thu, 12 Feb 2026 04:39:59 GMT

Response Body :

<!-- $Id$ -->
<html>
<head>
<META HTTP-EQUIV=Refresh CONTENT="0; URL=./configurations.do">
</head>
</html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/8080/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
Headers :

X-Powered-By: Servlet/3.1 JSP/2.3 (GlassFish Server Open Source Edition 4.0 Java/Oracle Corporation/1.8)
Server: GlassFish Server Open Source Edition 4.0
Accept-Ranges: bytes
ETag: W/"4626-1368596036000"
Last-Modified: Wed, 15 May 2013 05:33:56 GMT
Content-Type: text/html
Date: Thu, 12 Feb 2026 04:40:00 GMT
Content-Length: 4626

Response Body :

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<!--
DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

Copyright (c) 2010, 2013 Oracle and/or its affiliates. All rights reserved.

Use is subject to License Terms
-->
<head>
<style type="text/css">
body{margin-top:0}
body,td,p,div,span,a,ul,ul li, ol, ol li, ol li b, dl,h1,h2,h3,h4,h5,h6,li {font-family:geneva,helvetica,arial,"lucida sans",sans-serif; font-size:10pt}
h1 {font-size:18pt}
h2 {font-size:14pt}
h3 {font-size:12pt}
code,kbd,tt,pre {font-family:monaco,courier,"courier new"; font-size:10pt;}
li {padding-bottom: 8px}
p.copy, p.copy a {font-family:geneva,helvetica,arial,"lucida sans",sans-serif; font-size:8pt}
p.copy {text-align: center}
table.grey1,tr.grey1,td.grey1{background:#f1f1f1}
th {color:#ffffff; font-family:geneva,helvetica,arial,"lucida sans",sans-serif; font-size:12pt}
td.insidehead {font-weight:bold; background:white; text-align: left;}
a {text-decoration:none; color:#3E6B8A}
a:visited{color:#917E9C}
a:hover {text-decoration:underline}
</style>
<title>GlassFish Server - Server Running</title>
</head>
<body bgcolor="#ffffff" text="#000000" link="#594fbf" vlink="#1005fb" alink="#333366"><br> <table width="100%" border="0" cellspacing="0" cellpadding="3">
<tbody>
<tr><td align="right" valign="top"> <a href="http://www.oracle.com">oracle.com</a> </td></tr>
<tr><td align="left" valign="top" bgcolor="#587993"> <font color="#ffffff">&nbsp;<b>GlassFish Server</b></font> </td></tr>
</tbody>
</table>
<h1>Your server is now running</h1>
<p>To replace this page, overwrite the file <code>index.html</code> in the document root folder of this server. The document root folder for this server is the <code>docroot</code> subdirectory of this server's domain directory.</p>
<p>To manage a server on the <b>local host</b> with the <b>default administration port</b>, <a href="http://localhost:4848">go to the Administration Console</a>.</p>
<!--
<h2>Get Oracle GlassFish Server with Premier Support</h2>
<p>For production deployments, consider Oracle GlassFish Server with <a href="http://www.oracle.com/support/premier/index.html">Oracle Premier Support for Software</a>. Premier Support helps lower the total cost and risk of owning your Oracle solutions, improve the return from your IT investment, and optimize the business value of your IT solutions. Benefits of Premier Support include product updates and enhancements, global reach, lifetime support, ecosystem support, and proactive, automated support.</p>
-->
<h2>Install and update additional software components</h2>
<p>Use the <a href="http://wikis.oracle.com/display/IpsBestPractices/">Update Tool</a> to install and update additional technologies and frameworks such as:</p>
<ul>
<li>OSGi HTTP Service</li>
<li>Generic Resource Adapter for JMS</li>
<li>OSGi Administration Console</li>
</ul>
<p>If you are using the web profile, you can also use Update Tool to obtain technologies that are included by default in the full platform, such as:</p>
<ul>
<li>Enterprise Java Beans</li>
<li><a href="http://metro.java.net/">Metro</a></li>
<li><a href="http://jersey.java.net/">Jersey</a></li>
</ul>
<p>To improve the user experience and optimize offerings to users, Oracle collects data about <a href="http://wikis.oracle.com/display/GlassFish/UsageMetrics">GlassFish Server usage</a> that is transmitted by the Update Tool installer as part of the automatic update processes. No personally identifiable information is collected by this process.</p>
<h2>Join the GlassFish community</h2>
<p>Visit the <a href="http://glassfish.java.net">GlassFish Community</a> page for information about how to join the GlassFish community. The GlassFish community is developing an open source, production-quality, enterprise-class application server that implements the newest features of the Java&trade; Platform, Enterprise Edition (Java EE) platform and related enterprise technologies.</p>
<h2>Learn more about GlassFish Server</h2>
<p>For more information about GlassFish Server, samples, documentation, and additional resources, see <var>as-install</var><code>/docs/about.html</code>, where <var>as-install</var> is the GlassFish Server installation directory.</p>
<hr style="width: 80%; height: 2px;">
<p class="copy"><a href="http://www.oracle.com/corporate/">Company Info</a> &nbsp;&nbsp;|&nbsp;&nbsp; <a href="http://www.oracle.com/corporate/contact/">Contact</a> &nbsp;&nbsp;|&nbsp;&nbsp;
Copyright &copy; 2010, 2013 Oracle Corporation &nbsp;&nbsp;|&nbsp;&nbsp; <a href="./copyright.html">Legal Notices</a></p></body></html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/8383/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 12 Feb 2026 04:40:00 GMT
Server: Apache
Accept-Ranges: bytes
ETag: W/"107-1444224756000"
Last-Modified: Wed, 07 Oct 2015 13:32:36 GMT
Content-Length: 107
X-dc-header: yes
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8

Response Body :

<!-- $Id$ -->
<html>
<head>
<META HTTP-EQUIV=Refresh CONTENT="0; URL=./configurations.do">
</head>
</html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/8484/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

X-Content-Type-Options: nosniff
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-Hudson-Theme: default
Content-Type: text/html;charset=UTF-8
X-Hudson: 1.395
X-Jenkins: 1.637
X-Jenkins-Session: 5665f74f
X-Hudson-CLI-Port: 49237
X-Jenkins-CLI-Port: 49237
X-Jenkins-CLI2-Port: 49237
X-Frame-Options: sameorigin
X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvOkpN9k5rcq4zdeu1hU+P+MRQmEO+wvne7AUO2Swl9ejHofmOWkRjxAURGK4s6G+damK+gLG7VKQiicL3SNdLrjAbYuKYCQ3NdfRkfe1NziMlHdiPEHnuuXMy3VMJyBD5mPwL/VgRmaSs5QvsJTA71Xo2iFzldebwclFK/Y/JB4ct+IoJqMmaZWjCyRWQUTim5W2+qJRFnRXzllJCB8Dm9dVZnMxTmchWBFOoy1MSluae4CQjmovVu+INTv8JSPwnsjyZyCQKXjMHvak0/Iyw4RvKjoaaJwg9GA5fhpMNlEoDnMF2vBFGkz0+mg2AJRw2f/OQ3M85r1N/IcmDE35QIDAQAB
X-SSH-Endpoint: 192.168.122.168:49236
Content-Length: 10655
Server: Jetty(winstone-2.8)

Response Body :

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/8585/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 12 Feb 2026 04:40:00 GMT
Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2
X-Powered-By: PHP/5.3.10
Content-Length: 4462
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html

Response Body :

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html lang="en" xml:lang="en">
<head>
<title>WAMPSERVER Homepage</title>
<meta http-equiv="Content-Type" content="txt/html; charset=utf-8" />


<link rel="shortcut icon" href="index.php?img=favicon" type="image/ico" />
</head>

<body>
<div id="head">
<h1><abbr title="Windows">W</abbr><abbr title="Apache">A</abbr><abbr title="MySQL">M</abbr><abbr title="PHP">P</abbr></h1>
<ul>
<li>PHP 5</li>
<li>Apache 2</li>
<li>MySQL 5</li>
</ul>
</div>

<ul class="utility">
<li>Version 2.2</li>
<li><a href="?lang=fr">Version Fran&ccedil;aise</a></li>
</ul>

<h2> Server Configuration </h2>

<dl class="content">
<dt>Apache Version :</dt>
<dd>2.2.21 &nbsp;</dd>
<dt>PHP Version :</dt>
<dd>5.3.10 &nbsp;</dd>
<dt>Loaded Extensions : </dt>
<dd>
<ul>
<li>Core</li><li>bcmath</li><li>calendar</li><li>com_dotnet</li><li>ctype</li><li>date</li><li>ereg</li><li>filter</li><li>ftp</li><li>hash</li><li>iconv</li><li>json</li><li>mcrypt</li><li>SPL</li><li>odbc</li><li>pcre</li><li>Reflection</li><li>session</li><li>standard</li><li>mysqlnd</li><li>tokenizer</li><li>zip</li><li>zlib</li><li>libxml</li><li>dom</li><li>PDO</li><li>Phar</li><li>SimpleXML</li><li>wddx</li><li>xml</li><li>xmlreader</li><li>xmlwriter</li><li>apache2handler</li><li>mbstring</li><li>gd</li><li>mysql</li><li>mysqli</li><li>pdo_mysql</li><li>pdo_sqlite</li><li>mhash</li><li>xdebug</li>
</ul>
</dd>
<dt>MySQL Version :</dt>
<dd>5.5.20 &nbsp;</dd>
</dl>
<h2>Tools</h2>
<ul class="tools">
<li><a href="?phpinfo=1">phpinfo()</a></li>
<li><a href="phpmyadmin/">phpmyadmin</a></li>
</ul>
<h2>Your Projects</h2>
<ul class="projects">
<li><a href="uploads">uploads</a></li><li><a href="wordpress">wordpress</a></li>
</ul>
<h2>Your Virtual Hosts</h2>
<ul class="vhosts">

</ul>
<h2>Your Aliases</h2>
<ul class="aliases">
<li><a href="httpd-dav/">httpd-dav</a></li><li><a href="phpmyadmin/">phpmyadmin</a></li><li><a href="sqlbuddy/">sqlbuddy</a></li><li><a href="webgrind/">webgrind</a></li>
</ul>
<ul id="foot">
<li><a href="http://www.wampserver.com">WampServer</a></li> -
<li><a href="http://www.wampserver.com/en/donations.php">Donate</a></li> -
<li><a href="http://www.alterway.fr">Alter Way</a></li>
</ul>
</body>
</html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/9200/elasticsearch


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Access-Control-Allow-Origin: *
Content-Type: application/json; charset=UTF-8
Content-Length: 310

Response Body :

{
"status" : 200,
"name" : "Brunnhilda",
"version" : {
"number" : "1.1.1",
"build_hash" : "f1585f096d3f3985e73456debdc1a0745f512bbc",
"build_timestamp" : "2014-04-16T14:27:12Z",
"build_snapshot" : false,
"lucene_version" : "4.7"
},
"tagline" : "You Know, for Search"
}

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/47001/www


Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 12 Feb 2026 04:39:59 GMT
Connection: close
Content-Length: 315

Response Body :

179947 - Intel CPUID detection
-
Synopsis
The processor CPUID was detected on the remote host.
Description
The CPUID of the Intel processor was detected on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/08/18, Modified: 2026/01/20
Plugin Output

tcp/135/epmap

Nessus was able to extract the following cpuid: 806C1

92421 - Internet Explorer Typed URLs
-
Synopsis
Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar.
Description
Nessus was able to generate a list of URLs that were manually typed into the Internet Explorer address bar.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2024/05/08
Plugin Output

tcp/0

http://go.microsoft.com/fwlink/?LinkId=69157
http://localhost:4848/

Internet Explorer typed URL report attached.

148499 - Java Detection and Identification (Windows)
-
Synopsis
Java is installed on the remote Windows host.
Description
One or more instances of Java are installed on the remote Windows host. This may include private JREs bundled with the Java Development Kit (JDK).

- This plugin attempts to detect Oracle and non-Oracle JRE instances such as Zulu Java, Amazon Corretto, AdoptOpenJDK, IBM Java, etc

- Additional instances of Java may be discovered if 'Perform thorough tests' is enabled.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0690
Plugin Information
Published: 2021/04/14, Modified: 2026/01/20
Plugin Output

tcp/445/cifs


Nessus detected 2 installs of Java:

Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Version : 8.0.141.15
Application : Oracle Java
Binary Location : C:\Program Files (x86)\Java\jre1.8.0_141\bin\java.exe
Details : This Java install appears to be Oracle Java, confirmed by associated
files (high confidence).
Detection Method : Found in Registry

Path : C:\Program Files\Java\jre1.8.0_141\
Version : 8.0.141.15
Application : Oracle Java
Binary Location : C:\Program Files\Java\jre1.8.0_141\bin\java.exe
Details : This Java install appears to be Oracle Java, confirmed by associated
files (high confidence).
Detection Method : Found in Registry

65743 - Java JRE Enabled (Internet Explorer)
-
Synopsis
The remote host has Java JRE enabled for Internet Explorer.
Description
Java JRE is enabled in Internet Explorer. Internet Explorer is no longer supported by Microsoft.
Solution
Apply Microsoft 'Fix it' 50994 unless Java is needed.
Risk Factor
None
Plugin Information
Published: 2013/03/29, Modified: 2024/10/02
Plugin Output

tcp/445/cifs


Java is enabled for the following ActiveX controls and SIDs :
ActiveX CLSIDs :
{8AD9C840-044E-11D1-B3E9-00805F499D93}
{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0001-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0002-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0003-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0004-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0005-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-0017-0006-FFFF-ABCDEFFEDCBA}
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

User SIDs :
S-1-5-21-3331990163-568474530-1720004626-1000

Note that this check may be incomplete as Nessus can only check the
SIDs of logged on users.

65739 - Java JRE Universally Enabled
-
Synopsis
Java JRE has not been universally disabled on the remote host.
Description
Java JRE has not been universally disabled on the remote host via the Java control panel.
Note that while Java can be individually disabled for each browser, universally disabling Java prevents it from running for all users and browsers.
Functionality to disable Java universally in Windows may not be available in all versions of Java.
Solution
Disable Java universally unless it is needed.
Risk Factor
None
Plugin Information
Published: 2013/03/29, Modified: 2024/10/02
Plugin Output

tcp/445/cifs

56877 - KVM / QEMU Guest Detection (uncredentialed check)
-
Synopsis
The remote host is a KVM / QEMU virtual machine.
Description
According to the MAC address of its network adapter, the remote host is a KVM / QEMU virtual machine.
Solution
Ensure that the host's configuration agrees with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2011/11/21, Modified: 2019/11/22
Plugin Output

tcp/0

53513 - Link-Local Multicast Name Resolution (LLMNR) Detection
-
Synopsis
The remote device supports LLMNR.
Description
The remote device answered a Link-Local Multicast Name Resolution (LLMNR) request. This protocol provides a name lookup service similar to NetBIOS or DNS. It is enabled by default on modern Windows versions.
Solution
Make sure that use of this software conforms to your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2011/04/21, Modified: 2023/10/17
Plugin Output

udp/5355/llmnr


According to LLMNR, the name of the remote host is 'vagrant-2008R2'.

160301 - Link-Local Multicast Name Resolution (LLMNR) Service Detection
-
Synopsis
Verify status of the LLMNR service on the remote host.
Description
The Link-Local Multicast Name Resolution (LLMNR) service allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link.
Solution
Make sure that use of this software conforms to your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2022/04/28, Modified: 2022/12/29
Plugin Output

tcp/445/cifs


LLMNR Key SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast not found.

66869 - MS KB2813430: Update to Improve Cryptography and Digital Certificate Handling in Windows
-
Synopsis
The remote host is missing an update that improves cryptography and digital certificate handling in Windows.
Description
The remote host is missing Microsoft KB2813430, an update that improves cryptography and digital certificate handling in Windows.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
None
References
MSKB 2813430
Plugin Information
Published: 2013/06/11, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\system32\crypt32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18142

69333 - MS KB2861855: Updates to Improve Remote Desktop Protocol Network-Level Authentication
-
Synopsis
The remote host is missing an update for Remote Desktop Protocol.
Description
The remote host is missing Microsoft KB2861855. This update provides defense-in-depth measures for Remote Desktop Protocol Network Level Authentication.
Solution
Microsoft has released patches for Windows Vista, Server 2008, 7, and Server 2008 R2.
Risk Factor
None
References
MSKB 2861855
Plugin Information
Published: 2013/08/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\system32\drivers\tssecsrv.sys has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18186

69332 - MS KB2862966: Updates to Improve Cryptography and Digital Certificate Handling in Windows
-
Synopsis
The remote host is missing an update that improves cryptography and digital certificate handling in Windows.
Description
The remote host is missing Microsoft KB2862966, an update that improves cryptography and digital certificate handling in Windows.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, and 2012.
Risk Factor
None
References
MSKB 2862966
Plugin Information
Published: 2013/08/14, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\system32\crypt32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18205

73990 - MS KB2871997: Update to Improve Credentials Protection and Management
-
Synopsis
The remote Windows host is missing an update to improve credentials protection and management.
Description
The remote host is missing one or more of the following Microsoft updates: KB2871997, KB2973351, KB2975625, KB2982378, KB2984972, KB2984976, KB2984981, KB2973501, or KB3126593. These updates are needed to improve the protection against possible credential theft.

- For Windows 7 / 2008 R2 :
KB2984972, KB2871997, KB2982378, and KB2973351 are required; also, KB2984976 (if KB2592687 is installed) or KB2984981 (if KB2830477 is installed).

- For Windows 8 / 2012 :
KB2973501, KB2871997, and KB2973351 are required.

- For Windows 8.1 / 2012 R2 :
KB2973351 (if Update 1 is installed) or KB2975625 (if Update 1 isn't installed).

These updates provide additional protection for the Local Security Authority (LSA), add a restricted administrative mode for Credential Security Support Provider (CredSSP), introduce support for the protected account-restricted domain user category, enforce stricter authentication policies, add additional protection for users' credentials, and add a restricted administrative mode for Remote Desktop Connection and Remote Desktop Protocol.
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
None
STIG Severity
II
References
MSKB 2871997
XREF IAVA:2016-A-0327-S
Plugin Information
Published: 2014/05/14, Modified: 2021/06/03
Plugin Output

tcp/445/cifs



KB : 2871997
- C:\Windows\system32\kerberos.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18409

KB : 2973351
- C:\Windows\system32\lsasrv.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18496

KB : 2982378
- C:\Windows\system32\lsasrv.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18526

KB : 2984972
- C:\Windows\system32\credssp.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18540

KB : 3126593
- C:\Windows\system32\lsasrv.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.19131

Missing KBs :
2871997
2973351
2982378
2984972
3126593

A required registry setting is missing:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential = 0

More information: https://blogs.technet.microsoft.com/kfalde/2014/11/01/kb2871997-and-wdigest-part-1/
81731 - MS KB3033929: Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2
-
Synopsis
The remote host is missing an update that improves cryptography and digital certificate handling in Windows.
Description
The remote host is missing Microsoft KB3033929, an update that improves cryptography and digital certificate handling in Windows 7 and Windows Server 2008 R2.
See Also
Solution
Microsoft has released a set of patches for Windows 7 and 2008 R2.

Note that KB3033929 has binaries in common with KB3035131 from bulletin MS15-025. Customers planning to install both should install KB3035131 before KB3033929.
Risk Factor
None
References
MSKB 3033929
Plugin Information
Published: 2015/03/10, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\system32\crypt32.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18741
83359 - MS KB3042058: Update to Default Cipher Suite Priority Order
-
Synopsis
The remote Windows host is missing an update to the cipher suite.
Description
The remote Windows host is missing an update to the cryptographic cipher suite prioritization. The update adds additional cipher suites and improves cipher suite priority ordering.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.

Note that Microsoft has only made this update available via the Microsoft Download Center. It will be available via Microsoft Update and WSUS in Q4 of 2015.
Risk Factor
None
References
MSKB 3042058
Plugin Information
Published: 2015/05/12, Modified: 2018/11/15
Plugin Output

tcp/445/cifs



- C:\Windows\system32\Schannel.dll has not been patched.
Remote version : 6.1.7601.17514
Should be : 6.1.7601.18812
85880 - MS KB3083992: Update to Improve AppLocker Publisher Rule Enforcement
-
Synopsis
The remote Windows host is missing a security update that prevents a potential rules bypass.
Description
The remote Windows host is missing KB3083992, a defense-in-depth update that improves the enforcement of publisher rules by Windows AppLocker. Specifically, the update corrects how AppLocker handles certificates to prevent bypassing publisher rules.
See Also
Solution
Install Microsoft KB3083992.
Risk Factor
None
STIG Severity
II
References
MSKB 3083992
XREF IAVA:2015-A-0217-S
Plugin Information
Published: 2015/09/09, Modified: 2021/06/03
Plugin Output

tcp/445/cifs



KB : 3083992
- C:\Windows\system32\Appidsvc.dll has not been patched.
Remote version : 6.1.7600.16385
Should be : 6.1.7601.18950

92424 - MUICache Program Execution History
-
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to query the MUIcache registry key to find evidence of program execution.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

@%systemroot%\system32\winhttp.dll,-100 : WinHTTP Web Proxy Auto-Discovery Service
@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI proxy service driver.
@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer
@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization
@%systemroot%\system32\audiosrv.dll,-200 : Windows Audio
@c:\windows\microsoft.net\framework64\v4.0.30319\\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service
@%systemroot%\system32\vds.exe,-100 : Virtual Disk
@%systemroot%\system32\rascfg.dll,-32000 : RAS Asynchronous Media Driver
@%systemroot%\system32\dhcpcore.dll,-100 : DHCP Client
@netcfgx.dll,-50002 : Allows your computer to access resources on a Microsoft network.
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports and Solutions Control Panel Support
@%systemroot%\system32\upnphost.dll,-213 : UPnP Device Host
@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper
@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT
@%systemroot%\system32\tcpipcfg.dll,-50001 : Transmission Control Protocol/Internet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks.
@comres.dll,-2450 : COM+ Event System
@%systemroot%\system32\lltdres.dll,-3 : Allows this PC to be discovered and located on the network.
@%systemroot%\system32\wuaueng.dll,-105 : Windows Update
@%systemroot%\system32\termsrv.dll,-268 : Remote Desktop Services
@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider
@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS)
@%systemroot%\system32\sens.dll,-200 : System Event Notification Service
@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy
@oleres.dll,-5010 : Remote Procedure Call (RPC)
@%systemroot%\system32\dnsapi.dll,-101 : DNS Client
@%systemroot%\system32\drivers\dfsc.sys,-101 : DFS Namespace Client Driver
@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules
@%systemroot%\system32\sessenv.dll,-1026 : Remote Desktop Configuration
@%systemroot%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler
@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host
@%systemroot%\system32\locator.exe,-2 : Remote Procedure Call (RPC) Locator
@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation
@%systemroot%\system32\wudfsvc.dll,-1000 : Windows Driver Foundation - User-mode Driver Framework
@gpapi.dll,-112 : Group Policy Client
@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr
@%systemroot%\system32\drivers\ws2ifsl.sys,-1000 : Winsock IFS Driver
@%systemroot%\system32\qmgr.dll,-1000 : Background Intelligent Transfer Service
@%systemroot%\system32\w32time.dll,-200 : Windows Time
@%systemroot%\system32\drivers\tssecsrv.sys,-101 : Remote Desktop Services Security Filter Driver
@%systemroot%\system32\srvsvc.dll,-102 : Server SMB 1.xxx Driver
@c:\windows\microsoft.net\framework64\v4.0.30319\\servicemodelinstallrc.dll,-8199 : Net.Tcp Listener Adapter
@c:\windows\microsoft.net\framework64\v4.0.30319\\servicemodelinstallrc.dll,-8195 : Net.Msmq Listener Adapter
@%systemroot%\system32\netprofm.dll,-202 : Network List Service
@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub Sysytem
@%systemroot%\system32\scardsvr.dll,-1 : Smart Card
@comres.dll,-2797 : Distributed Transaction Coordinator
@%systemroot%\system32\rascfg.dll,-32009 : Allows you to securely connect to a private network using the Internet.
@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon
@%systemroot%\system32\drivers\http.sys,-1 : HTTP
@%systemroot%\system32\sacsvr.dll,-500 : Special Administration Console Helper
@%systemroot%\system32\bfe.dll,-1001 : Base Filtering Engine
@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager
@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management)
@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver
@%systemroot%\system32\rascfg.dll,-32007 : Remote Access PPPOE Driver
@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager
@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol
@%systemroot%\system32\wlms\wlms.exe,-1 : Windows Licensing Monitoring Service
@%systemroot%\system32\aelupsvc.dll,-1 : Application Experience
@%systemroot%\system32\msimsg.dll,-27 : Windows Installer
@%systemroot%\system32\drivers\pacer.sys,-100 : Quality of Service Packet Scheduler. This component provides network traffic control, including rate-of-flow and prioritization services.
@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service
@%systemroot%\system32\rascfg.dll,-32012 : Remote Access IPv6 ARP Driver
@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service
@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition Manager
@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery
@%systemroot%\system32\firewallapi.dll,-23092 : Windows Firewall Authorization Driver
@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Access
@%systemroot%\system32\drivers\hwpolicy.sys,-101 : Hardware Policy Driver
@%systemroot%\system32\wevtsvc.dll,-200 : Windows Event Log
@%systemroot%\system32\rascfg.dll,-32008 : Allows you to securely connect to a private network using the Internet.
@%systemroot%\system32\netman.dll,-109 : Network Connections
@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine
@keyiso.dll,-100 : CNG Key Isolation
@%systemroot%\system32\appinfo.dll,-100 : Application Information
@%windir%\system32\rpcepmap.dll,-1001 : RPC Endpoint Mapper
@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager
@%systemroot%\system32\drivers\rdpcdd.sys,-100 : RDPCDD
@%systemroot%\system32\browser.dll,-102 : Browser Support Driver
@%systemroot%\system32\nsisvc.dll,-200 : Network Store Interface Service
@netcfgx.dll,-50003 : Allows other computers to access resources on your computer using a Microsoft network.
@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host
@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager
@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent
@%systemroot%\system32\umpnpmgr.dll,-100 : Plug and Play
@appmgmts.dll,-3250 : Application Management
@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver
@tcpipcfg.dll,-50002 : TCP/IP version 6. The latest version of the internet protocol that provides communication across diverse interconnected networks.
@comres.dll,-947 : COM+ System Application
@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector
@%systemroot%\system32\snmptrap.exe,-3 : SNMP Trap
@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter
@%systemroot%\system32\sstpsvc.dll,-203 : Allows you to securely connect to a private network using the Internet.
@regsvc.dll,-1 : Remote Registry
@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector
@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock
@%systemroot%\system32\defragsvc.dll,-101 : Disk Defragmenter
@%systemroot%\system32\trkwks.dll,-1 : Distributed Link Tracking Client
@%systemroot%\system32\tapisrv.dll,-10100 : Telephony
@%systemroot%\system32\sstpsvc.dll,-200 : Secure Socket Tunneling Protocol Service
@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector
@%systemroot%\system32\rascfg.dll,-32005 : WAN Miniport (L2TP)
@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP)
@%systemroot%\system32\rascfg.dll,-32011 : Remote Access IP ARP Driver
@%systemroot%\system32\vmstorfltres.dll,-1000 : Disk Virtual Machine Bus Acceleration Filter Driver
@%systemroot%\system32\umpo.dll,-100 : Power
@%systemroot%\system32\appidsvc.dll,-100 : Application Identity
@%systemroot%\system32\drivers\fsdepends.sys,-10001 : File System Dependency Minifilter
@%systemroot%\system32\sppsvc.exe,-101 : Software Protection
@oleres.dll,-5012 : DCOM Server Process Launcher
@%systemroot%\system32\rascfg.dll,-32013 : IP Traffic Filter Driver
@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
@%systemroot%\system32\wdi.dll,-502 : Diagnostic Service Host
languagelist : en-US

71216 - ManageEngine Endpoint Central Detection
-
Synopsis
The remote web server hosts a desktop and mobile device management application.
Description
The remote web server hosts ManageEngine Endpoint Central, a Java-based desktop and mobile device management web application.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0644
Plugin Information
Published: 2013/12/04, Modified: 2026/01/19
Plugin Output

tcp/8020/www


URL : http://192.168.122.168:8020/
Version : 9
build : 91084

71216 - ManageEngine Endpoint Central Detection
-
Synopsis
The remote web server hosts a desktop and mobile device management application.
Description
The remote web server hosts ManageEngine Endpoint Central, a Java-based desktop and mobile device management web application.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0644
Plugin Information
Published: 2013/12/04, Modified: 2026/01/19
Plugin Output

tcp/8022/www


URL : http://192.168.122.168:8022/
Version : 9
build : 91084

71216 - ManageEngine Endpoint Central Detection
-
Synopsis
The remote web server hosts a desktop and mobile device management application.
Description
The remote web server hosts ManageEngine Endpoint Central, a Java-based desktop and mobile device management web application.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0644
Plugin Information
Published: 2013/12/04, Modified: 2026/01/19
Plugin Output

tcp/8383/www


URL : https://192.168.122.168:8383/
Version : 9
build : 91084

148037 - ManageEngine Endpoint Central Installed
-
Synopsis
ManageEngine Endpoint Central is installed on the remote Windows host.
Description
ManageEngine Endpoint Central is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/03/24, Modified: 2026/01/07
Plugin Output

tcp/445/cifs


Path : C:\ManageEngine\DesktopCentral_Server
Version : 9.1.0
51351 - Microsoft .NET Framework Detection
-
Synopsis
A software framework is installed on the remote host.
Description
Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0655
Plugin Information
Published: 2010/12/20, Modified: 2025/10/15
Plugin Output

tcp/445/cifs


Nessus detected 3 installs of Microsoft .NET Framework:

Path : C:\Windows\Microsoft.NET\Framework64\v2.0.50727
Version : 2.0.50727
Full Version : 2.0.50727.5420
SP : 2

Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.5.1
Full Version : 4.5.50938
Install Type : Full
Release : 378758

Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.5.1
Full Version : 4.5.50938
Install Type : Client
Release : 378758
72879 - Microsoft Internet Explorer Enhanced Security Configuration Detection
-
Synopsis
The remote host supports IE Enhanced Security Configuration.
Description
Nessus detects if the remote Windows host supports IE Enhanced Security Configuration (ESC) and if IE ESC features are enabled or disabled.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2014/03/07, Modified: 2026/01/07
Plugin Output

tcp/445/cifs


Type : Admin Groups
Is Enabled : False

Type : User Groups
Is Enabled : False

162560 - Microsoft Internet Explorer Installed
-
Synopsis
A web browser is installed on the remote Windows host.
Description
Microsoft Internet Explorer, a web browser bundled with Microsoft Windows, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/06/28, Modified: 2026/01/07
Plugin Output

tcp/0


Path : C:\Windows\system32\mshtml.dll
Version : 8.0.7601.17514

72367 - Microsoft Internet Explorer Version Detection
-
Synopsis
Internet Explorer is installed on the remote host.
Description
The remote Windows host contains Internet Explorer, a web browser created by Microsoft.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0509
Plugin Information
Published: 2014/02/06, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Version : 8.0.7601.17514
57033 - Microsoft Patch Bulletin Feasibility Check
-
Synopsis
Nessus is able to check for Microsoft patch bulletins.
Description
Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates.

Note that this plugin is purely informational.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/06, Modified: 2021/07/12
Plugin Output

tcp/445/cifs



Nessus is able to test for missing patches using :
Nessus

125835 - Microsoft Remote Desktop Connection Installed
-
Synopsis
A graphical interface connection utility is installed on the remote Windows host.
Description
Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2019/06/12, Modified: 2022/10/10
Plugin Output

tcp/0


Path : C:\Windows\\System32\\mstsc.exe
Version : 6.1.7601.17514

56954 - Microsoft Revoked Digital Certificates Enumeration
-
Synopsis
The remote Windows host has a list of revoked digital certificates.
Description
The remote Windows host contains a list of digital certificates that have been revoked by Microsoft.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/11/28, Modified: 2015/01/12
Plugin Output

tcp/445/cifs


The following certificates are listed in the disallowed certificate registry :

637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6
7D7F4414CCEF168ADF6BF40753B5BECD78375931
10902 - Microsoft Windows 'Administrators' Group User List
-
Synopsis
There is at least one user in the 'Administrators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information
Published: 2002/03/15, Modified: 2018/05/16
Plugin Output

tcp/445/cifs


The following users are members of the 'Administrators' group :

- VAGRANT-2008R2\Administrator (User)
- VAGRANT-2008R2\vagrant (User)
- VAGRANT-2008R2\sshd_server (User)

10904 - Microsoft Windows 'Backup Operators' Group User List
-
Synopsis
There is at least one user in the 'Backup Operators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Backup Operators' group. Members of this group can log on to the remote host and perform backup operations (read/write files) but have no administrative rights.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information
Published: 2002/03/15, Modified: 2018/05/16
Plugin Output

tcp/0


The following user is a member of the 'Backup Operators' group :

- VAGRANT-2008R2\leia_organa (User)

48763 - Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting
-
Synopsis
CWDIllegalInDllSearch Settings: Improper settings could allow code execution attacks.
Description
Windows hosts can be hardened against DLL hijacking attacks by setting the 'CWDIllegalInDllSearch' registry entry to one of the following settings:

- 0xFFFFFFFF (Removes the current working directory from the default DLL search order)

- 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder)

- 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder)
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/26, Modified: 2019/12/20
Plugin Output

tcp/445/cifs


Name : SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch
Value : Registry Key Empty or Missing

10905 - Microsoft Windows 'Print Operators' Group User List
-
Synopsis
There is at least one user in the 'Print Operators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Print Operators' group. Members of this group can manage printers within a Windows Domain or shut down a server.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information
Published: 2002/03/15, Modified: 2018/05/16
Plugin Output

tcp/0


The following user is a member of the 'Print Operators' group :

- VAGRANT-2008R2\jabba_hutt (User)
10906 - Microsoft Windows 'Replicator' Group User List
-
Synopsis
There is at least one user in the 'Replicator' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Replicator' group. Members of this group can replicate (or copy) files or directories within a domain.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information
Published: 2002/03/15, Modified: 2018/05/16
Plugin Output

tcp/0


The following user is a member of the 'Replicator' group :

- VAGRANT-2008R2\chewbacca (User)
10913 - Microsoft Windows - Local Users Information : Disabled Accounts
-
Synopsis
At least one local user account has been disabled.
Description
Using the supplied credentials, Nessus was able to list local user accounts that have been disabled.
Solution
Delete accounts that are no longer needed.
Risk Factor
None
Plugin Information
Published: 2002/03/17, Modified: 2018/08/13
Plugin Output

tcp/0


The following local user accounts have been disabled :

- Guest
- sshd


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.
10914 - Microsoft Windows - Local Users Information : Never Changed Passwords
-
Synopsis
At least one local user has never changed his or her password.
Description
Using the supplied credentials, Nessus was able to list local users who have never changed their passwords.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
Plugin Information
Published: 2002/03/17, Modified: 2019/07/08
Plugin Output

tcp/0


The following local user has never changed his/her password :

- Guest


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.
10916 - Microsoft Windows - Local Users Information : Passwords Never Expire
-
Synopsis
At least one local user has a password that never expires.
Description
Using the supplied credentials, Nessus was able to list local users that are enabled and whose passwords never expire.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
Plugin Information
Published: 2002/03/17, Modified: 2018/08/13
Plugin Output

tcp/0


The following local users have passwords that never expire :

- vagrant
- sshd_server


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for this plugin, then re-run the
scan.
10915 - Microsoft Windows - Local Users Information : User Has Never Logged In
-
Synopsis
At least one local user has never logged into his or her account.
Description
Using the supplied credentials, Nessus was able to list local users who have never logged into their accounts.
Solution
Delete accounts that are not needed.
Risk Factor
None
Plugin Information
Published: 2002/03/17, Modified: 2018/08/13
Plugin Output

tcp/0


The following local users have never logged in :

- Guest
- sshd
- leia_organa
- luke_skywalker
- han_solo
- artoo_detoo
- c_three_pio
- ben_kenobi
- darth_vader
- anakin_skywalker
- jarjar_binks
- lando_calrissian
- boba_fett
- jabba_hutt
- greedo
- chewbacca
- kylo_ren


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.
92370 - Microsoft Windows ARP Table
-
Synopsis
Nessus was able to collect and report ARP table information from the remote host.
Description
Nessus was able to collect ARP table information from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2026/02/09
Plugin Output

tcp/0

192.168.122.1 : 52-54-00-6f-23-79
192.168.122.255 : ff-ff-ff-ff-ff-ff
224.0.0.22 : 01-00-5e-00-00-16
224.0.0.251 : 01-00-5e-00-00-fb
224.0.0.252 : 01-00-5e-00-00-fc
224.2.2.4 : 01-00-5e-02-02-04
239.77.124.213 : 01-00-5e-4d-7c-d5
255.255.255.255 : ff-ff-ff-ff-ff-ff

Extended ARP table information attached.
92371 - Microsoft Windows DNS Cache
-
Synopsis
Nessus was able to collect and report DNS cache information from the remote host.
Description
Nessus was able to collect details of the DNS cache from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2026/02/09
Plugin Output

tcp/0

1.0.0.127.in-addr.arpa
localhost
localhost
teredo.ipv6.microsoft.com

DNS cache information attached.
92364 - Microsoft Windows Environment Variables
-
Synopsis
Nessus was able to collect and report environment variables from the remote host.
Description
Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0757
Plugin Information
Published: 2016/07/19, Modified: 2026/01/29
Plugin Output

tcp/0

Global Environment Variables :
windows_tracing_flags : 3
processor_level : 6
comspec : %SystemRoot%\system32\cmd.exe
classpath : .;
number_of_processors : 2
os : Windows_NT
username : SYSTEM
java_home : C:\Program Files\Java\jdk1.8.0_144
chocolateyinstall : C:\ProgramData\chocolatey
fp_no_host_check : NO
temp : %SystemRoot%\TEMP
processor_revision : 8c01
path : C:\tools\ruby23\bin;C:\ProgramData\Oracle\Java\javapath;C:\ProgramData\Boxstarter;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenSSH\bin;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin;C:\Program Files\Java\jdk1.8.0_144\bin
tmp : %SystemRoot%\TEMP
processor_identifier : Intel64 Family 6 Model 140 Stepping 1, GenuineIntel
pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.RB;.RBW
processor_architecture : AMD64
cygwin : mintty
windows_tracing_logfile : C:\BVTBin\Tests\installpackage\csilogfile.log
psmodulepath : C:\ProgramData\Boxstarter;C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules
windir : %SystemRoot%

Active User Environment Variables
- S-1-5-21-3331990163-568474530-1720004626-1000
userdomain : VAGRANT-2008R2
catalina_home : C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33
username : vagrant
chocolateylastpathupdate : Sun Aug 6 17:41:19 2017
temp : %USERPROFILE%\AppData\Local\Temp
logonserver : \\VAGRANT-2008R2
localappdata : C:\Users\vagrant\AppData\Local
tmp : %USERPROFILE%\AppData\Local\Temp
chocolateytoolslocation : C:\tools
homedrive : C:
userprofile : C:\Users\vagrant
psmodulepath : C:\Users\vagrant\Documents\WindowsPowerShell\Modules
homepath : \Users\vagrant
appdata : C:\Users\vagrant\AppData\Roaming
92365 - Microsoft Windows Hosts File
-
Synopsis
Nessus was able to collect the hosts file from the remote host.
Description
Nessus was able to collect the hosts file from the remote Windows host and report it as an attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2020/01/27
Plugin Output

tcp/0

Windows hosts file attached.

MD5: 58af0014e3c3e15e56b87a44457976e8
SHA-1: 3a66a2c85cc08017944185cf47f90707297122dc
SHA-256: 7fa59018d57d6d9a719d2306654ef0594f1b413bb556fa215780b09c2143c618
187318 - Microsoft Windows Installed
-
Synopsis
The remote host is running Microsoft Windows.
Description
The remote host is running Microsoft Windows.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/12/27, Modified: 2026/01/05
Plugin Output

tcp/0


OS Name : Microsoft Windows Server 2008 R2
Vendor : Microsoft
Product : Windows Server
Release : 2008 R2
Edition : Standard
Version : 6.1.7601
Update : Service Pack 1
Role : server
Kernel : Windows NT 6.1
Architecture : x64
CPE v2.2 : cpe:/o:microsoft:windows_server_2008:r2:sp1:~~standard~~x64~
CPE v2.3 : cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:standard:*:x64:*
Type : local
Method : SMB
Confidence : 100

20811 - Microsoft Windows Installed Software Enumeration (credentialed check)
-
Synopsis
It is possible to enumerate installed software.
Description
This plugin lists software potentially installed on the remote host by crawling the registry entries in :

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKLM\SOFTWARE\Microsoft\Updates

Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
References
XREF IAVT:0001-T-0501
Plugin Information
Published: 2006/01/26, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


The following software are installed on the remote host :

7-Zip 16.04 (x64) [version 16.04]
OpenSSH for Windows 7.1p1-1 (remove only)
Oracle VM VirtualBox Guest Additions 5.1.22 [version 5.1.22.0]
WampServer 2.2 [installed on 2017/08/06]
Java 8 Update 141 [version 8.0.1410.15] [installed on 2017/08/06]
Java 8 Update 141 (64-bit) [version 8.0.1410.15] [installed on 2017/08/06]
Java Auto Updater [version 2.8.141.15] [installed on 2017/08/06]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2017/08/06]
Java SE Development Kit 8 Update 144 (64-bit) [version 8.0.1440.1] [installed on 2017/08/06]
Microsoft .NET Framework 4.5.1 [version 4.5.50938] [installed on 2017/08/06]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2017/08/06]
ManageEngine Desktop Central 9 - Server [version 9.0.0] [installed on 2017/08/06]
178102 - Microsoft Windows Installed Software Version Enumeration
-
Synopsis
Enumerates installed software versions.
Description
This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version.

Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2023/07/10, Modified: 2024/07/15
Plugin Output

tcp/445/cifs


The following software information is available on the remote host :

- Java Auto Updater
Best Confidence Version : 2.8.141.15
Version Confidence Level : 2
All Possible Versions : 52.7.34913, 2.8.141.15
Other Version Data
[VersionMajor] :
Raw Value : 2
[Version] :
Raw Value : 34078861
Parsed Version : 52.7.34913
[DisplayName] :
Raw Value : Java Auto Updater
[InstallDate] :
Raw Value : 2017/08/06
[DisplayVersion] :
Raw Value : 2.8.141.15
[VersionMinor] :
Raw Value : 8

- Java 8 Update 141
Best Confidence Version : 8.0.1410.15
Version Confidence Level : 2
All Possible Versions : 8.0.1410.15
Other Version Data
[VersionMajor] :
Raw Value : 8
[Version] :
Raw Value : 134219138
[InstallLocation] :
Raw Value : C:\Program Files (x86)\Java\jre1.8.0_141\
[DisplayName] :
Raw Value : Java 8 Update 141
[UninstallString] :
Raw Value : MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180141F0}
[InstallDate] :
Raw Value : 2017/08/06
[DisplayVersion] :
Raw Value : 8.0.1410.15
[VersionMinor] :
Raw Value : 0

- Java 8 Update 141 (64-bit)
Best Confidence Version : 8.0.1410.15
Version Confidence Level : 2
All Possible Versions : 8.0.1410.15
Other Version Data
[InstallDate] :
Raw Value : 2017/08/06
[InstallLocation] :
Raw Value : C:\Program Files\Java\jre1.8.0_141\
[UninstallString] :
Raw Value : MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F64180141F0}
[VersionMinor] :
Raw Value : 0
[Version] :
Raw Value : 134219138
[VersionMajor] :
Raw Value : 8
[Publisher] :
Raw Value : Oracle Corporation
[DisplayVersion] :
Raw Value : 8.0.1410.15
[DisplayName] :
Raw Value : Java 8 Update 141 (64-bit)

- OpenSSH for Windows 7.1p1-1 (remove only)
Best Confidence Version : 7.1.1.1
Version Confidence Level : 3
All Possible Versions : 7.1.1.1
Other Version Data
[DisplayName] :
Raw Value : OpenSSH for Windows 7.1p1-1 (remove only)
[UninstallString] :
Raw Value : "C:\Program Files\OpenSSH\uninstall.exe" /x86=0
Parsed File Path : C:\Program Files\OpenSSH\uninstall.exe
Parsed File Version : 7.1.1.1
[Publisher] :
Raw Value : Mark Saeger/Original Author: Michael Johnson
[DisplayIcon] :
Raw Value : "C:\Program Files\OpenSSH\uninstall.exe",0
Parsed File Path : C:\Program Files\OpenSSH\uninstall.exe
Parsed File Version : 7.1.1.1

- Java SE Development Kit 8 Update 144 (64-bit)
Best Confidence Version : 8.0.1440.1
Version Confidence Level : 2
All Possible Versions : 8.0.1440.1
Other Version Data
[InstallDate] :
Raw Value : 2017/08/06
[InstallLocation] :
Raw Value : C:\Program Files\Java\jdk1.8.0_144\
[UninstallString] :
Raw Value : MsiExec.exe /X{64A3A4F4-B792-11D6-A78A-00B0D0180144}
[VersionMinor] :
Raw Value : 0
[Version] :
Raw Value : 134219168
[VersionMajor] :
Raw Value : 8
[Publisher] :
Raw Value : Oracle Corporation
[DisplayVersion] :
Raw Value : 8.0.1440.1
[DisplayName] :
Raw Value : Java SE Development Kit 8 Update 144 (64-bit)

- Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Best Confidence Version : 9.0.30729.6161
Version Confidence Level : 2
All Possible Versions : 9.0.30729.6161
Other Version Data
[VersionMajor] :
Raw Value : 9
[Version] :
Raw Value : 151025673
[DisplayName] :
Raw Value : Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
[UninstallString] :
Raw Value : MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
[InstallDate] :
Raw Value : 2017/08/06
[DisplayVersion] :
Raw Value : 9.0.30729.6161
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Best Confidence Version : 9.0.30729.6161
Version Confidence Level : 2
All Possible Versions : 9.0.30729.6161
Other Version Data
[VersionMajor] :
Raw Value : 9
[Version] :
Raw Value : 151025673
[DisplayName] :
Raw Value : Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
[UninstallString] :
Raw Value : MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
[InstallDate] :
Raw Value : 2017/08/06
[DisplayVersion] :
Raw Value : 9.0.30729.6161
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Oracle VM VirtualBox Guest Additions 5.1.22
Best Confidence Version : 5.1.22.0
Version Confidence Level : 3
All Possible Versions : 5.1.22.0
Other Version Data
[DisplayName] :
Raw Value : Oracle VM VirtualBox Guest Additions 5.1.22
[UninstallString] :
Raw Value : C:\Program Files\Oracle\VirtualBox Guest Additions\uninst.exe
Parsed File Path : C:\Program Files\Oracle\VirtualBox Guest Additions\uninst.exe
Parsed File Version : 5.1.22.0
[DisplayVersion] :
Raw Value : 5.1.22.0
[Publisher] :
Raw Value : Oracle Corporation

- WampServer 2.2
Best Confidence Version : 51.52.0.0
Version Confidence Level : 3
All Possible Versions : 51.52.0.0, 1.6.1.33
Other Version Data
[InstallLocation] :
Raw Value : c:\wamp\
[DisplayName] :
Raw Value : WampServer 2.2
[UninstallString] :
Raw Value : "c:\wamp\unins000.exe"
Parsed File Path : c:\wamp\unins000.exe
Parsed File Version : 51.52.0.0
[InstallDate] :
Raw Value : 2017/08/06
[DisplayIcon] :
Raw Value : c:\wamp\wampmanager.exe
Parsed File Path : c:\wamp\wampmanager.exe
Parsed File Version : 1.6.1.33

- Microsoft .NET Framework 4.5.1
Best Confidence Version : 4.5.50938
Version Confidence Level : 2
All Possible Versions : 103.72.29826, 4.5.50938
Other Version Data
[InstallDate] :
Raw Value : 2017/08/06
[DisplayIcon] :
Raw Value : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\\DisplayIcon.ico
[InstallLocation] :
Raw Value : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\
[UninstallString] :
Raw Value : MsiExec.exe /X{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}
[VersionMinor] :
Raw Value : 5
[VersionMajor] :
Raw Value : 4
[Version] :
Raw Value : 67487482
Parsed Version : 103.72.29826
[Publisher] :
Raw Value : Microsoft Corporation
[DisplayVersion] :
Raw Value : 4.5.50938
[DisplayName] :
Raw Value : Microsoft .NET Framework 4.5.1

- 7-Zip 16.04 (x64)
Best Confidence Version : 16.4.0.0
Version Confidence Level : 3
All Possible Versions : 16.4.0.0, 16.04
Other Version Data
[VersionMajor] :
Raw Value : 16
[InstallLocation] :
Raw Value : C:\Program Files\7-Zip\
[DisplayName] :
Raw Value : 7-Zip 16.04 (x64)
[UninstallString] :
Raw Value : C:\Program Files\7-Zip\Uninstall.exe
Parsed File Path : C:\Program Files\7-Zip\Uninstall.exe
Parsed File Version : 16.4.0.0
[DisplayVersion] :
Raw Value : 16.04
[Publisher] :
Raw Value : Igor Pavlov
[VersionMinor] :
Raw Value : 4
[DisplayIcon] :
Raw Value : C:\Program Files\7-Zip\7zFM.exe
Parsed File Path : C:\Program Files\7-Zip\7zFM.exe
Parsed File Version : 16.4.0.0

- ManageEngine Desktop Central 9 - Server
Best Confidence Version : 9.0.0.0
Version Confidence Level : 3
All Possible Versions : 9.0.0.0, 9.0.0
Other Version Data
[VersionMajor] :
Raw Value : 9
[Version] :
Raw Value : 150994944
[InstallLocation] :
Raw Value : C:\ManageEngine\DesktopCentral_Server
[DisplayName] :
Raw Value : ManageEngine Desktop Central 9 - Server
[UninstallString] :
Raw Value : "C:\Program Files (x86)\InstallShield Installation Information\{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}\setup.exe" -runfromtemp -l0x0409 uninstall -removeonly
Parsed File Path : C:\Program Files (x86)\InstallShield Installation Information\{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}\setup.exe
Parsed File Version : 9.0.0.0
[InstallDate] :
Raw Value : 2017/08/06
[DisplayVersion] :
Raw Value : 9.0.0
[VersionMinor] :
Raw Value : 0

92366 - Microsoft Windows Last Boot Time
-
Synopsis
Nessus was able to collect the remote host's last boot time in a human readable format.
Description
Nessus was able to collect and report the remote host's last boot time as an ISO 8601 timestamp.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/07/09
Plugin Output

tcp/0

Last reboot : 2026-02-11T20:26:09-08:00 (20260211202609.484375-480)

161502 - Microsoft Windows Logged On Users
-
Synopsis
Nessus was able to determine the logged on users from the registry.
Description
Using the HKU registry, Nessus was able to enumerate the SIDs of logged on users.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/05/25, Modified: 2025/10/01
Plugin Output

tcp/445/cifs

Logged on users :
- S-1-5-21-3331990163-568474530-1720004626-1000
Domain : VAGRANT-2008R2
Username : vagrant
63080 - Microsoft Windows Mounted Devices
-
Synopsis
It is possible to get a list of mounted devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past.
Solution
Make sure that the mounted drives agree with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2012/11/28, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Name : \??\volume{3aefe34f-7b16-11e7-a4cb-806e6f6e6963}
Data : \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&394c0ad3&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Name : \dosdevices\d:
Data : \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&394c0ad3&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{3aefe350-7b16-11e7-a4cb-806e6f6e6963}
Data : \??\FDC#GENERIC_FLOPPY_DRIVE#5&34923401&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Name : \dosdevices\c:
Data : JF
Raw data : 4a0c468f0000100000000000

Name : \dosdevices\a:
Data : \??\FDC#GENERIC_FLOPPY_DRIVE#5&34923401&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{3aefe34c-7b16-11e7-a4cb-806e6f6e6963}
Data : JF
Raw data : 4a0c468f0000100000000000
103871 - Microsoft Windows Network Adapters
-
Synopsis
Identifies the network adapters installed on the remote host.
Description
Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote Windows host.
Solution
Make sure that all of the installed network adapters agree with your organization's acceptable use and security policies.
Risk Factor
None
References
XREF IAVT:0001-T-0758
Plugin Information
Published: 2017/10/17, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

Network Adapter Driver Description : Intel(R) PRO/1000 MT Desktop Adapter
Network Adapter Driver Version : 8.4.1.0

Network Adapter Driver Description : Intel(R) PRO/1000 MT Network Connection
Network Adapter Driver Version : 8.4.1.0

92367 - Microsoft Windows PowerShell Execution Policy
-
Synopsis
Nessus was able to collect and report the PowerShell execution policy for the remote host.
Description
Nessus was able to collect and report the PowerShell execution policy for the remote Windows host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2020/06/12
Plugin Output

tcp/0

HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned

151440 - Microsoft Windows Print Spooler Service Enabled
-
Synopsis
The Microsoft Windows Print Spooler service on the remote host is enabled.
Description
The Microsoft Windows Print Spooler service (spoolsv.exe) on the remote host is enabled.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/07/07, Modified: 2021/07/07
Plugin Output

tcp/445/cifs

The Microsoft Windows Print Spooler service on the remote host is enabled.

70329 - Microsoft Windows Process Information
-
Synopsis
Use WMI to obtain running process information.
Description
Report details on the running processes on the machine.

This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/08, Modified: 2026/01/20
Plugin Output

tcp/0

Process Overview :
SID: Process (PID)
0 : System Idle Process (0)
0 : csrss.exe (300)
0 : |- conhost.exe (1064)
0 : |- conhost.exe (1172)
0 : |- conhost.exe (1260)
0 : |- conhost.exe (1320)
0 : |- conhost.exe (1388)
0 : |- conhost.exe (1548)
0 : |- conhost.exe (1960)
0 : |- conhost.exe (2004)
0 : |- conhost.exe (2096)
0 : |- conhost.exe (4048)
0 : wininit.exe (340)
0 : |- services.exe (436)
0 : |- wrapper.exe (1096)
0 : |- java.exe (1632)
0 : |- domain1Service.exe (1184)
0 : |- cmd.exe (1312)
0 : |- java.exe (1360)
0 : |- java.exe (1944)
0 : |- elasticsearch-service-x64.exe (1252)
0 : |- jenkins.exe (1296)
0 : |- java.exe (3140)
0 : |- jmx.exe (1532)
0 : |- cmd.exe (1856)
0 : |- java.exe (2176)
0 : |- dcnotificationserver.exe (1624)
0 : |- dcserverhttpd.exe (1676)
0 : |- dcserverhttpd.exe (1076)
0 : |- dcrotatelogs.exe (2084)
0 : |- dcrotatelogs.exe (1980)
0 : |- svchost.exe (1848)
0 : |- svchost.exe (2024)
0 : |- mysqld.exe (2044)
0 : |- svchost.exe (240)
0 : |- httpd.exe (3036)
0 : |- httpd.exe (3464)
0 : |- wlms.exe (3116)
0 : |- svchost.exe (3864)
0 : |- sppsvc.exe (3892)
0 : |- svchost.exe (4016)
1 : |- taskhost.exe (4772)
0 : |- svchost.exe (548)
0 : |- WmiPrvSE.exe (4428)
0 : |- WmiPrvSE.exe (5504)
0 : |- WmiPrvSE.exe (5948)
0 : |- TrustedInstaller.exe (5684)
0 : |- svchost.exe (636)
0 : |- svchost.exe (720)
0 : |- svchost.exe (772)
0 : |- taskeng.exe (12)
0 : |- cmd.exe (1044)
0 : |- ruby.exe (1884)
0 : |- ruby.exe (4612)
0 : |- svchost.exe (820)
0 : |- svchost.exe (868)
1 : |- dwm.exe (5040)
0 : |- spoolsv.exe (900)
0 : |- svchost.exe (908)
0 : |- lsass.exe (444)
0 : |- lsm.exe (452)
1 : csrss.exe (348)
1 : |- conhost.exe (4556)
1 : winlogon.exe (376)
0 : System (4)
1 : explorer.exe (4136)
1 : |- powershell.exe (268)
1 : |- DesktopCentral.exe (3784)
0 : cmd.exe (4200)
0 : |- postgres.exe (4220)
0 : |- postgres.exe (3028)
0 : |- postgres.exe (4288)
0 : |- postgres.exe (4432)
0 : |- postgres.exe (4444)
0 : |- postgres.exe (4452)
0 : |- postgres.exe (4460)
0 : |- postgres.exe (4468)
0 : |- postgres.exe (4476)
0 : |- postgres.exe (4484)
0 : |- postgres.exe (4548)
0 : |- postgres.exe (5464)
0 : |- postgres.exe (5612)
0 : System (4)
0 : |- smss.exe (224)
70331 - Microsoft Windows Process Module Information
-
Synopsis
Use WMI to obtain running process module information.
Description
Report details on the modules loaded by the running processes on the machine.

This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/08, Modified: 2026/01/20
Plugin Output

tcp/0

Process_Modules_.csv : lists the loaded modules for each process.

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/135/epmap


The Win32 process 'svchost.exe' is listening on this port (pid 636).

This process 'svchost.exe' (pid 636) is hosting the following Windows services :
RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
RpcSs (@oleres.dll,-5010)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

udp/137/netbios-ns


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

udp/138


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/139/smb


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/445/cifs


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

udp/500


The Win32 process 'svchost.exe' is listening on this port (pid 772).

This process 'svchost.exe' (pid 772) is hosting the following Windows services :
AeLookupSvc (@%SystemRoot%\system32\aelupsvc.dll,-1)
CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
gpsvc (@gpapi.dll,-112)
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
SENS (@%SystemRoot%\system32\Sens.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/1617


The Win32 process 'java.exe' is listening on this port (pid 2176).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/3000/www


The Win32 process 'ruby.exe' is listening on this port (pid 4612).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/3306/mysql


The Win32 process 'mysqld.exe' is listening on this port (pid 2044).

This process 'mysqld.exe' (pid 2044) is hosting the following Windows services :
wampmysqld (wampmysqld)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/3389/msrdp


The Win32 process 'svchost.exe' is listening on this port (pid 4016).

This process 'svchost.exe' (pid 4016) is hosting the following Windows services :
TermService (@%SystemRoot%\System32\termsrv.dll,-268)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/3700/giop


The Win32 process 'java.exe' is listening on this port (pid 1944).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

udp/4500


The Win32 process 'svchost.exe' is listening on this port (pid 772).

This process 'svchost.exe' (pid 772) is hosting the following Windows services :
AeLookupSvc (@%SystemRoot%\system32\aelupsvc.dll,-1)
CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
gpsvc (@gpapi.dll,-112)
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
SENS (@%SystemRoot%\system32\Sens.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/4848


The Win32 process 'java.exe' is listening on this port (pid 1944).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

udp/5353


The Win32 process 'java.exe' is listening on this port (pid 3140).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

udp/5355/llmnr


The Win32 process 'svchost.exe' is listening on this port (pid 908).

This process 'svchost.exe' (pid 908) is hosting the following Windows services :
CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001)
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100)
NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1)
WinRM (@%Systemroot%\system32\wsmsvc.dll,-101)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/5985/www


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/7676/imqbrokerd


The Win32 process 'java.exe' is listening on this port (pid 1944).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/8019


The Win32 process 'java.exe' is listening on this port (pid 1632).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/8020/www


The Win32 process 'dcserverhttpd.exe' is listening on this port (pid 1676).

This process 'dcserverhttpd.exe' (pid 1676) is hosting the following Windows services :
MEDCServerComponent-Apache (MEDC Server Component - Apache)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/8022/www


The Win32 process 'java.exe' is listening on this port (pid 1632).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/8027


The Win32 process 'dcnotificationserver.exe' is listening on this port (pid 1624).

This process 'dcnotificationserver.exe' (pid 1624) is hosting the following Windows services :
MEDC Server Component - Notification Server (MEDC Server Component - Notification Server)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/8028


The Win32 process 'postgres.exe' is listening on this port (pid 4220).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/8031


The Win32 process 'java.exe' is listening on this port (pid 1632).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/8032


The Win32 process 'java.exe' is listening on this port (pid 1632).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/8080/www


The Win32 process 'java.exe' is listening on this port (pid 1944).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/8181


The Win32 process 'java.exe' is listening on this port (pid 1944).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/8383/www


The Win32 process 'dcserverhttpd.exe' is listening on this port (pid 1676).

This process 'dcserverhttpd.exe' (pid 1676) is hosting the following Windows services :
MEDCServerComponent-Apache (MEDC Server Component - Apache)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/8443


The Win32 process 'java.exe' is listening on this port (pid 1632).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/8444


The Win32 process 'java.exe' is listening on this port (pid 1632).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/8484/www


The Win32 process 'java.exe' is listening on this port (pid 3140).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/8585/www


The Win32 process 'httpd.exe' is listening on this port (pid 3036).

This process 'httpd.exe' (pid 3036) is hosting the following Windows services :
wampapache (wampapache)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/8686


The Win32 process 'java.exe' is listening on this port (pid 1944).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/9200/elasticsearch


The Win32 process 'elasticsearch-service-x64.exe' is listening on this port (pid 1252).

This process 'elasticsearch-service-x64.exe' (pid 1252) is hosting the following Windows services :
elasticsearch-service-x64 (Elasticsearch 1.1.1 (elasticsearch-service-x64))

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/9300


The Win32 process 'elasticsearch-service-x64.exe' is listening on this port (pid 1252).

This process 'elasticsearch-service-x64.exe' (pid 1252) is hosting the following Windows services :
elasticsearch-service-x64 (Elasticsearch 1.1.1 (elasticsearch-service-x64))

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

udp/33848


The Win32 process 'java.exe' is listening on this port (pid 3140).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/47001/www


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/49152/dce-rpc


The Win32 process 'wininit.exe' is listening on this port (pid 340).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/49153/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 720).

This process 'svchost.exe' (pid 720) is hosting the following Windows services :
Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100)
eventlog (@%SystemRoot%\system32\wevtsvc.dll,-200)
lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/49154/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 772).

This process 'svchost.exe' (pid 772) is hosting the following Windows services :
AeLookupSvc (@%SystemRoot%\system32\aelupsvc.dll,-1)
CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
gpsvc (@gpapi.dll,-112)
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
SENS (@%SystemRoot%\system32\Sens.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/49175/dce-rpc


The Win32 process 'lsass.exe' is listening on this port (pid 444).

This process 'lsass.exe' (pid 444) is hosting the following Windows services :
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/49176


The Win32 process 'java.exe' is listening on this port (pid 1632).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/49177


The Win32 process 'java.exe' is listening on this port (pid 2176).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/49178/dce-rpc


The Win32 process 'services.exe' is listening on this port (pid 436).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/49179


The Win32 process 'java.exe' is listening on this port (pid 2176).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/49205/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 1848).

This process 'svchost.exe' (pid 1848) is hosting the following Windows services :
PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/49236/ssh


The Win32 process 'java.exe' is listening on this port (pid 3140).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

tcp/49237


The Win32 process 'java.exe' is listening on this port (pid 3140).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2026/02/09
Plugin Output

udp/54328


The Win32 process 'elasticsearch-service-x64.exe' is listening on this port (pid 1252).

This process 'elasticsearch-service-x64.exe' (pid 1252) is hosting the following Windows services :
elasticsearch-service-x64 (Elasticsearch 1.1.1 (elasticsearch-service-x64))

17651 - Microsoft Windows SMB : Obtains the Password Policy
-
Synopsis
It is possible to retrieve the remote host's password policy using the supplied credentials.
Description
Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/03/30, Modified: 2015/01/12
Plugin Output

tcp/445/cifs

The following password policy is defined on the remote host:

Minimum password len: 0
Password history len: 0
Maximum password age (d): No limit
Password must meet complexity requirements: Disabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0

38689 - Microsoft Windows SMB Last Logged On User Disclosure
-
Synopsis
Nessus was able to identify the last logged on user on the remote host.
Description
By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon.

Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the last logged-on user.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/05/05, Modified: 2019/09/02
Plugin Output

tcp/445/cifs


Last Successful logon : .\vagrant

10394 - Microsoft Windows SMB Log In Possible
-
Synopsis
It was possible to log into the remote host.
Description
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts :

- Guest account
- Supplied credentials
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2025/07/21
Plugin Output

tcp/445/cifs

- The SMB tests will be done as vagrant/******
- NULL sessions may be enabled on the remote host.

10859 - Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration
-
Synopsis
It is possible to obtain the host SID for the remote host.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier).

The host SID can then be used to get the list of local users.
See Also
Solution
You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value.

Refer to the 'See also' section for guidance.
Risk Factor
None
Plugin Information
Published: 2002/02/13, Modified: 2024/01/31
Plugin Output

tcp/445/cifs


The remote host SID value is : S-1-5-21-3331990163-568474530-1720004626

The value of 'RestrictAnonymous' setting is : 0

10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
-
Synopsis
It was possible to obtain information about the remote operating system.
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/10/17, Modified: 2021/09/20
Plugin Output

tcp/445/cifs

The remote Operating System is : Windows Server 2008 R2 Standard 7601 Service Pack 1
The remote native LAN manager is : Windows Server 2008 R2 Standard 6.1
The remote SMB Domain Name is : VAGRANT-2008R2

46742 - Microsoft Windows SMB Registry : Enumerate the list of SNMP communities
-
Synopsis
The remote Windows host has one or more SNMP communities configured.
Description
Using the registry, it was possible to extract the list of SNMP communities configured on the remote host. You should ensure that each community has the appropriate permission and that it cannot be guessed by an attacker.
Solution
None
Risk Factor
None
Plugin Information
Published: 2010/05/27, Modified: 2015/01/12
Plugin Output

tcp/445/cifs


Using the registry, it was possible to gather the following
information about SNMP communities configured on the remote host :

- Community name : 'public'
Permissions : READ ONLY

48942 - Microsoft Windows SMB Registry : OS Version and Processor Architecture
-
Synopsis
It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system.
Description
Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/31, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

Operating system version = 6.1.7601
Architecture = x64
Build lab extended = 7601.17514.amd64fre.win7sp1_rtm.101119-1850

52459 - Microsoft Windows SMB Registry : Win 7 / Server 2008 R2 Service Pack Detection
-
Synopsis
It was possible to determine the service pack installed on the remote system.
Description
It is possible to determine the Service Pack version of the Windows 7 / Server 2008 R2 system by reading the registry key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion'.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/02/25, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


The remote Windows 7 / Server 2008 R2 system has Service Pack 1 applied.

11457 - Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
-
Synopsis
User credentials are stored in memory.
Description
The registry key 'HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount' is not 0. A value greater than 0 for CachedLogonsCount indicates that the remote Windows host locally caches the passwords of users when they log in, so that they can still log in if the primary domain controller (PDC) fails.

Cached logon credentials could be accessed by an attacker and subjected to brute force attacks.
Solution
Consult Microsoft documentation and best practices.
Risk Factor
None
Plugin Information
Published: 2003/03/24, Modified: 2018/06/05
Plugin Output

tcp/445/cifs


Max cached logons : 10

10400 - Microsoft Windows SMB Registry Remotely Accessible
-
Synopsis
Access the remote Windows Registry.
Description
It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2025/12/16
Plugin Output

tcp/445/cifs

44401 - Microsoft Windows SMB Service Config Enumeration
-
Synopsis
It was possible to enumerate configuration parameters of remote services.
Description
Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.).
Solution
Ensure that each service is configured properly.
Risk Factor
None
References
XREF IAVT:0001-T-0752
Plugin Information
Published: 2010/02/05, Modified: 2022/05/16
Plugin Output

tcp/445/cifs


The following services are set to start automatically :

BFE startup parameters :
Display name : Base Filtering Engine
Service name : BFE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Dependencies : RpcSs/

BITS startup parameters :
Display name : Background Intelligent Transfer Service
Service name : BITS
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/EventSystem/

CryptSvc startup parameters :
Display name : Cryptographic Services
Service name : CryptSvc
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : RpcSs/

DPS startup parameters :
Display name : Diagnostic Policy Service
Service name : DPS
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

DcomLaunch startup parameters :
Display name : DCOM Server Process Launcher
Service name : DcomLaunch
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch

DesktopCentralServer startup parameters :
Display name : ManageEngine Desktop Central Server
Service name : DesktopCentralServer
Log on as : NT Authority\LOCAL SERVICE
Executable path : C:\ManageEngine\DesktopCentral_Server\bin\wrapper.exe -s C:\ManageEngine\DesktopCentral_Server\conf\wrapper.conf

Dhcp startup parameters :
Display name : DHCP Client
Service name : Dhcp
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : NSI/Tdx/Afd/

Dnscache startup parameters :
Display name : DNS Client
Service name : Dnscache
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : Tdx/nsi/

EventSystem startup parameters :
Display name : COM+ Event System
Service name : EventSystem
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : rpcss/

FontCache startup parameters :
Display name : Windows Font Cache Service
Service name : FontCache
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

IKEEXT startup parameters :
Display name : IKE and AuthIP IPsec Keying Modules
Service name : IKEEXT
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : BFE/

LanmanServer startup parameters :
Display name : Server
Service name : LanmanServer
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : SamSS/Srv/

LanmanWorkstation startup parameters :
Display name : Workstation
Service name : LanmanWorkstation
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : Bowser/MRxSmb10/MRxSmb20/NSI/

MEDC Server Component - Notification Server startup parameters :
Display name : MEDC Server Component - Notification Server
Service name : MEDC Server Component - Notification Server
Log on as : NT Authority\LOCAL SERVICE
Executable path : "C:\ManageEngine\DesktopCentral_Server\bin\dcnotificationserver.exe" -k 8027
Dependencies : Tcpip/

MEDCServerComponent-Apache startup parameters :
Display name : MEDC Server Component - Apache
Service name : MEDCServerComponent-Apache
Log on as : NT Authority\LOCAL SERVICE
Executable path : "C:\ManageEngine\DesktopCentral_Server\apache\bin\dcserverhttpd.exe" -k runservice
Dependencies : Tcpip/Afd/

MSDTC startup parameters :
Display name : Distributed Transaction Coordinator
Service name : MSDTC
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\msdtc.exe
Dependencies : RPCSS/SamSS/

MpsSvc startup parameters :
Display name : Windows Firewall
Service name : MpsSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Dependencies : mpsdrv/bfe/

NlaSvc startup parameters :
Display name : Network Location Awareness
Service name : NlaSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : NSI/RpcSs/TcpIp/

OpenSSHd startup parameters :
Display name : OpenSSH Server
Service name : OpenSSHd
Log on as : .\sshd_server
Executable path : C:\Program Files\OpenSSH\bin\cygrunsrv.exe
Dependencies : Tcpip/

PlugPlay startup parameters :
Display name : Plug and Play
Service name : PlugPlay
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch

Power startup parameters :
Display name : Power
Service name : Power
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch

ProfSvc startup parameters :
Display name : User Profile Service
Service name : ProfSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

RemoteRegistry startup parameters :
Display name : Remote Registry
Service name : RemoteRegistry
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k regsvc
Dependencies : RPCSS/

RpcEptMapper startup parameters :
Display name : RPC Endpoint Mapper
Service name : RpcEptMapper
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k RPCSS

RpcSs startup parameters :
Display name : Remote Procedure Call (RPC)
Service name : RpcSs
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k rpcss
Dependencies : RpcEptMapper/DcomLaunch/

SENS startup parameters :
Display name : System Event Notification Service
Service name : SENS
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : EventSystem/

SamSs startup parameters :
Display name : Security Accounts Manager
Service name : SamSs
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RPCSS/

Schedule startup parameters :
Display name : Task Scheduler
Service name : Schedule
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RPCSS/EventLog/

ShellHWDetection startup parameters :
Display name : Shell Hardware Detection
Service name : ShellHWDetection
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/

Spooler startup parameters :
Display name : Print Spooler
Service name : Spooler
Log on as : LocalSystem
Executable path : C:\Windows\System32\spoolsv.exe
Dependencies : RPCSS/http/

Tomcat8 startup parameters :
Display name : Apache Tomcat 8.0 Tomcat8
Service name : Tomcat8
Log on as : LocalSystem
Executable path : "C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\bin\tomcat8.exe" //RS//Tomcat8
Dependencies : Tcpip/Afd/

TrkWks startup parameters :
Display name : Distributed Link Tracking Client
Service name : TrkWks
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

UxSms startup parameters :
Display name : Desktop Window Manager Session Manager
Service name : UxSms
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

VBoxService startup parameters :
Display name : VirtualBox Guest Additions Service
Service name : VBoxService
Log on as : LocalSystem
Executable path : C:\Windows\System32\VBoxService.exe

WLMS startup parameters :
Display name : Windows Licensing Monitoring Service
Service name : WLMS
Log on as : LocalSystem
Executable path : C:\Windows\system32\wlms\wlms.exe

WinRM startup parameters :
Display name : Windows Remote Management (WS-Management)
Service name : WinRM
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RPCSS/HTTP/

Winmgmt startup parameters :
Display name : Windows Management Instrumentation
Service name : Winmgmt
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RPCSS/

clr_optimization_v4.0.30319_32 startup parameters :
Display name : Microsoft .NET Framework NGEN v4.0.30319_X86
Service name : clr_optimization_v4.0.30319_32
Log on as : LocalSystem
Executable path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

clr_optimization_v4.0.30319_64 startup parameters :
Display name : Microsoft .NET Framework NGEN v4.0.30319_X64
Service name : clr_optimization_v4.0.30319_64
Log on as : LocalSystem
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

domain1 startup parameters :
Display name : domain1 GlassFish Server
Service name : domain1
Log on as : NT Authority\LOCAL SERVICE
Executable path : C:\glassfish\glassfish4\glassfish\domains\domain1\bin\domain1Service.exe
Dependencies : tcpip/

elasticsearch-service-x64 startup parameters :
Display name : Elasticsearch 1.1.1 (elasticsearch-service-x64)
Service name : elasticsearch-service-x64
Log on as : LocalSystem
Executable path : "C:\Program Files\elasticsearch-1.1.1\bin\elasticsearch-service-x64.exe" //RS//elasticsearch-service-x64
Dependencies : Tcpip/Afd/

eventlog startup parameters :
Display name : Windows Event Log
Service name : eventlog
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

gpsvc startup parameters :
Display name : Group Policy Client
Service name : gpsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RPCSS/Mup/

iphlpsvc startup parameters :
Display name : IP Helper
Service name : iphlpsvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k NetSvcs
Dependencies : RpcSS/Tdx/winmgmt/tcpip/nsi/

jenkins startup parameters :
Display name : jenkins
Service name : jenkins
Log on as : NT AUTHORITY\LocalService
Executable path : "C:\Program Files\jenkins\jenkins.exe" "-ServiceExec"

jmx startup parameters :
Display name : jmx
Service name : jmx
Log on as : NT AUTHORITY\LocalService
Executable path : "C:\Program Files\jmx\jmx.exe" "-ServiceExec"

lmhosts startup parameters :
Display name : TCP/IP NetBIOS Helper
Service name : lmhosts
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : NetBT/Afd/

nsi startup parameters :
Display name : Network Store Interface Service
Service name : nsi
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : nsiproxy/

sppsvc startup parameters :
Display name : Software Protection
Service name : sppsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\sppsvc.exe
Dependencies : RpcSs/

wampapache startup parameters :
Display name : wampapache
Service name : wampapache
Log on as : NT Authority\LOCAL SERVICE
Executable path : "c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice
Dependencies : Tcpip/Afd/

wampmysqld startup parameters :
Display name : wampmysqld
Service name : wampmysqld
Log on as : LocalSystem
Executable path : c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe wampmysqld

wuauserv startup parameters :
Display name : Windows Update
Service name : wuauserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : rpcss/

The following services must be started manually :

ALG startup parameters :
Display name : Application Layer Gateway Service
Service name : ALG
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\alg.exe

AeLookupSvc startup parameters :
Display name : Application Experience
Service name : AeLookupSvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

AppIDSvc startup parameters :
Display name : Application Identity
Service name : AppIDSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : RpcSs/AppID/CryptSvc/

AppMgmt startup parameters :
Display name : Application Management
Service name : AppMgmt
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

Appinfo startup parameters :
Display name : Application Information
Service name : Appinfo
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/ProfSvc/

AudioEndpointBuilder startup parameters :
Display name : Windows Audio Endpoint Builder
Service name : AudioEndpointBuilder
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : PlugPlay/

AudioSrv startup parameters :
Display name : Windows Audio
Service name : AudioSrv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : AudioEndpointBuilder/RpcSs/MMCSS/

COMSysApp startup parameters :
Display name : COM+ System Application
Service name : COMSysApp
Log on as : LocalSystem
Executable path : C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Dependencies : RpcSs/EventSystem/SENS/

CertPropSvc startup parameters :
Display name : Certificate Propagation
Service name : CertPropSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

EFS startup parameters :
Display name : Encrypting File System (EFS)
Service name : EFS
Log on as : LocalSystem
Executable path : C:\Windows\System32\lsass.exe
Dependencies : RPCSS/

EapHost startup parameters :
Display name : Extensible Authentication Protocol
Service name : EapHost
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RPCSS/KeyIso/

FCRegSvc startup parameters :
Display name : Microsoft Fibre Channel Platform Registration Service
Service name : FCRegSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted

FDResPub startup parameters :
Display name : Function Discovery Resource Publication
Service name : FDResPub
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : RpcSs/http/

KeyIso startup parameters :
Display name : CNG Key Isolation
Service name : KeyIso
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RpcSs/

KtmRm startup parameters :
Display name : KtmRm for Distributed Transaction Coordinator
Service name : KtmRm
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
Dependencies : RPCSS/SamSS/

MMCSS startup parameters :
Display name : Multimedia Class Scheduler
Service name : MMCSS
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

MSiSCSI startup parameters :
Display name : Microsoft iSCSI Initiator Service
Service name : MSiSCSI
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

Netlogon startup parameters :
Display name : Netlogon
Service name : Netlogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : LanmanWorkstation/

Netman startup parameters :
Display name : Network Connections
Service name : Netman
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/nsi/

PerfHost startup parameters :
Display name : Performance Counter DLL Host
Service name : PerfHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\SysWow64\perfhost.exe
Dependencies : RPCSS/

PolicyAgent startup parameters :
Display name : IPsec Policy Agent
Service name : PolicyAgent
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Dependencies : Tcpip/bfe/

ProtectedStorage startup parameters :
Display name : Protected Storage
Service name : ProtectedStorage
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RpcSs/

RSoPProv startup parameters :
Display name : Resultant Set of Policy Provider
Service name : RSoPProv
Log on as : LocalSystem
Executable path : C:\Windows\system32\RSoPProv.exe
Dependencies : RPCSS/

RasAuto startup parameters :
Display name : Remote Access Auto Connection Manager
Service name : RasAuto
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RasMan/TapiSrv/RasAcd/

RasMan startup parameters :
Display name : Remote Access Connection Manager
Service name : RasMan
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : Tapisrv/SstpSvc/

RpcLocator startup parameters :
Display name : Remote Procedure Call (RPC) Locator
Service name : RpcLocator
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\locator.exe

SCPolicySvc startup parameters :
Display name : Smart Card Removal Policy
Service name : SCPolicySvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

SCardSvr startup parameters :
Display name : Smart Card
Service name : SCardSvr
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : PlugPlay/

SNMPTRAP startup parameters :
Display name : SNMP Trap
Service name : SNMPTRAP
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\snmptrap.exe

SessionEnv startup parameters :
Display name : Remote Desktop Configuration
Service name : SessionEnv
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RPCSS/LanmanWorkstation/

SstpSvc startup parameters :
Display name : Secure Socket Tunneling Protocol Service
Service name : SstpSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

TBS startup parameters :
Display name : TPM Base Services
Service name : TBS
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

THREADORDER startup parameters :
Display name : Thread Ordering Server
Service name : THREADORDER
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

TapiSrv startup parameters :
Display name : Telephony
Service name : TapiSrv
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k tapisrv
Dependencies : PlugPlay/RpcSs/

TermService startup parameters :
Display name : Remote Desktop Services
Service name : TermService
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k termsvcs
Dependencies : RPCSS/TermDD/

TrustedInstaller startup parameters :
Display name : Windows Modules Installer
Service name : TrustedInstaller
Log on as : localSystem
Executable path : C:\Windows\servicing\TrustedInstaller.exe

UI0Detect startup parameters :
Display name : Interactive Services Detection
Service name : UI0Detect
Log on as : LocalSystem
Executable path : C:\Windows\system32\UI0Detect.exe

UmRdpService startup parameters :
Display name : Remote Desktop Services UserMode Port Redirector
Service name : UmRdpService
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : TermService/RDPDR/

VSS startup parameters :
Display name : Volume Shadow Copy
Service name : VSS
Log on as : LocalSystem
Executable path : C:\Windows\system32\vssvc.exe
Dependencies : RPCSS/

VaultSvc startup parameters :
Display name : Credential Manager
Service name : VaultSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : rpcss/

W32Time startup parameters :
Display name : Windows Time
Service name : W32Time
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

WPDBusEnum startup parameters :
Display name : Portable Device Enumerator Service
Service name : WPDBusEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

WcsPlugInService startup parameters :
Display name : Windows Color System
Service name : WcsPlugInService
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k wcssvc
Dependencies : RpcSs/

WdiServiceHost startup parameters :
Display name : Diagnostic Service Host
Service name : WdiServiceHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService

WdiSystemHost startup parameters :
Display name : Diagnostic System Host
Service name : WdiSystemHost
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

Wecsvc startup parameters :
Display name : Windows Event Collector
Service name : Wecsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : HTTP/Eventlog/

WerSvc startup parameters :
Display name : Windows Error Reporting Service
Service name : WerSvc
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k WerSvcGroup

WinHttpAutoProxySvc startup parameters :
Display name : WinHTTP Web Proxy Auto-Discovery Service
Service name : WinHttpAutoProxySvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : Dhcp/

defragsvc startup parameters :
Display name : Disk Defragmenter
Service name : defragsvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k defragsvc
Dependencies : RPCSS/

dot3svc startup parameters :
Display name : Wired AutoConfig
Service name : dot3svc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/Ndisuio/Eaphost/

fdPHost startup parameters :
Display name : Function Discovery Provider Host
Service name : fdPHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : RpcSs/http/

hidserv startup parameters :
Display name : Human Interface Device Access
Service name : hidserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

hkmsvc startup parameters :
Display name : Health Key and Certificate Management
Service name : hkmsvc
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/

lltdsvc startup parameters :
Display name : Link-Layer Topology Discovery Mapper
Service name : lltdsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService
Dependencies : rpcss/lltdio/

msiserver startup parameters :
Display name : Windows Installer
Service name : msiserver
Log on as : LocalSystem
Executable path : C:\Windows\system32\msiexec.exe /V
Dependencies : rpcss/

napagent startup parameters :
Display name : Network Access Protection Agent
Service name : napagent
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RpcSs/

netprofm startup parameters :
Display name : Network List Service
Service name : netprofm
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService
Dependencies : RpcSs/nlasvc/

pla startup parameters :
Display name : Performance Logs & Alerts
Service name : pla
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
Dependencies : RPCSS/

sacsvr startup parameters :
Display name : Special Administration Console Helper
Service name : sacsvr
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs

seclogon startup parameters :
Display name : Secondary Logon
Service name : seclogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

sppuinotify startup parameters :
Display name : SPP Notification Service
Service name : sppuinotify
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : EventSystem/

swprv startup parameters :
Display name : Microsoft Software Shadow Copy Provider
Service name : swprv
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k swprv
Dependencies : RPCSS/

vds startup parameters :
Display name : Virtual Disk
Service name : vds
Log on as : LocalSystem
Executable path : C:\Windows\System32\vds.exe
Dependencies : RpcSs/PlugPlay/

wercplsupport startup parameters :
Display name : Problem Reports and Solutions Control Panel Support
Service name : wercplsupport
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs

wmiApSrv startup parameters :
Display name : WMI Performance Adapter
Service name : wmiApSrv
Log on as : localSystem
Executable path : C:\Windows\system32\wbem\WmiApSrv.exe

wudfsvc startup parameters :
Display name : Windows Driver Foundation - User-mode Driver Framework
Service name : wudfsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : PlugPlay/WudfPf/

The following services are disabled :

Browser startup parameters :
Display name : Computer Browser
Service name : Browser
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : LanmanWorkstation/LanmanServer/

IPBusEnum startup parameters :
Display name : PnP-X IP Bus Enumerator
Service name : IPBusEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/fdPHost/

NetMsmqActivator startup parameters :
Display name : Net.Msmq Listener Adapter
Service name : NetMsmqActivator
Log on as : NT AUTHORITY\NetworkService
Executable path : "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
Dependencies : was/msmq/

NetPipeActivator startup parameters :
Display name : Net.Pipe Listener Adapter
Service name : NetPipeActivator
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
Dependencies : was/

NetTcpActivator startup parameters :
Display name : Net.Tcp Listener Adapter
Service name : NetTcpActivator
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
Dependencies : was/NetTcpPortSharing/

NetTcpPortSharing startup parameters :
Display name : Net.Tcp Port Sharing Service
Service name : NetTcpPortSharing
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

RemoteAccess startup parameters :
Display name : Routing and Remote Access
Service name : RemoteAccess
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/

SSDPSRV startup parameters :
Display name : SSDP Discovery
Service name : SSDPSRV
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : HTTP/

SharedAccess startup parameters :
Display name : Internet Connection Sharing (ICS)
Service name : SharedAccess
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : Netman/WinMgmt/RasMan/BFE/

aspnet_state startup parameters :
Display name : ASP.NET State Service
Service name : aspnet_state
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

clr_optimization_v2.0.50727_32 startup parameters :
Display name : Microsoft .NET Framework NGEN v2.0.50727_X86
Service name : clr_optimization_v2.0.50727_32
Log on as : LocalSystem
Executable path : C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

clr_optimization_v2.0.50727_64 startup parameters :
Display name : Microsoft .NET Framework NGEN v2.0.50727_X64
Service name : clr_optimization_v2.0.50727_64
Log on as : LocalSystem
Executable path : C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

upnphost startup parameters :
Display name : UPnP Device Host
Service name : upnphost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : SSDPSRV/HTTP/

11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc., between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2002/06/05, Modified: 2021/02/11
Plugin Output

tcp/139/smb


An SMB server is running on this port.

11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc., between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2002/06/05, Modified: 2021/02/11
Plugin Output

tcp/445/cifs


A CIFS server is running on this port.

10456 - Microsoft Windows SMB Service Enumeration
Synopsis
It is possible to enumerate remote services.
Description
This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host.

An attacker may use this feature to gain better knowledge of the remote host.
Solution
To prevent the list of services from being obtained, enforce tight login restrictions so that only trusted users can access the host, and/or filter incoming traffic to this port.
Risk Factor
None
References
XREF IAVT:0001-T-0751
Plugin Information
Published: 2000/07/03, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Active Services :

Application Experience [ AeLookupSvc ]
Base Filtering Engine [ BFE ]
Certificate Propagation [ CertPropSvc ]
Cryptographic Services [ CryptSvc ]
DCOM Server Process Launcher [ DcomLaunch ]
ManageEngine Desktop Central Server [ DesktopCentralServer ]
DHCP Client [ Dhcp ]
DNS Client [ Dnscache ]
domain1 GlassFish Server [ domain1 ]
Elasticsearch 1.1.1 (elasticsearch-service-x64) [ elasticsearch-service-x64 ]
Windows Event Log [ eventlog ]
COM+ Event System [ EventSystem ]
Group Policy Client [ gpsvc ]
IKE and AuthIP IPsec Keying Modules [ IKEEXT ]
IP Helper [ iphlpsvc ]
jenkins [ jenkins ]
jmx [ jmx ]
Server [ LanmanServer ]
Workstation [ LanmanWorkstation ]
TCP/IP NetBIOS Helper [ lmhosts ]
MEDC Server Component - Notification Server [ MEDC Server Component - Notification Server ]
MEDC Server Component - Apache [ MEDCServerComponent-Apache ]
Windows Firewall [ MpsSvc ]
Network Connections [ Netman ]
Network List Service [ netprofm ]
Network Location Awareness [ NlaSvc ]
Network Store Interface Service [ nsi ]
Plug and Play [ PlugPlay ]
IPsec Policy Agent [ PolicyAgent ]
Power [ Power ]
User Profile Service [ ProfSvc ]
Remote Registry [ RemoteRegistry ]
RPC Endpoint Mapper [ RpcEptMapper ]
Remote Procedure Call (RPC) [ RpcSs ]
Security Accounts Manager [ SamSs ]
Task Scheduler [ Schedule ]
System Event Notification Service [ SENS ]
Remote Desktop Configuration [ SessionEnv ]
Shell Hardware Detection [ ShellHWDetection ]
Print Spooler [ Spooler ]
Software Protection [ sppsvc ]
Remote Desktop Services [ TermService ]
Distributed Link Tracking Client [ TrkWks ]
Windows Modules Installer [ TrustedInstaller ]
Remote Desktop Services UserMode Port Redirector [ UmRdpService ]
Desktop Window Manager Session Manager [ UxSms ]
wampapache [ wampapache ]
wampmysqld [ wampmysqld ]
Windows Error Reporting Service [ WerSvc ]
WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ]
Windows Management Instrumentation [ Winmgmt ]
Windows Remote Management (WS-Management) [ WinRM ]
Windows Licensing Monitoring Service [ WLMS ]
Portable Device Enumerator Service [ WPDBusEnum ]

Inactive Services :

Application Layer Gateway Service [ ALG ]
Application Identity [ AppIDSvc ]
Application Information [ Appinfo ]
Application Management [ AppMgmt ]
ASP.NET State Service [ aspnet_state ]
Windows Audio Endpoint Builder [ AudioEndpointBuilder ]
Windows Audio [ AudioSrv ]
Background Intelligent Transfer Service [ BITS ]
Computer Browser [ Browser ]
Microsoft .NET Framework NGEN v2.0.50727_X86 [ clr_optimization_v2.0.50727_32 ]
Microsoft .NET Framework NGEN v2.0.50727_X64 [ clr_optimization_v2.0.50727_64 ]
Microsoft .NET Framework NGEN v4.0.30319_X86 [ clr_optimization_v4.0.30319_32 ]
Microsoft .NET Framework NGEN v4.0.30319_X64 [ clr_optimization_v4.0.30319_64 ]
COM+ System Application [ COMSysApp ]
Disk Defragmenter [ defragsvc ]
Wired AutoConfig [ dot3svc ]
Diagnostic Policy Service [ DPS ]
Extensible Authentication Protocol [ EapHost ]
Encrypting File System (EFS) [ EFS ]
Microsoft Fibre Channel Platform Registration Service [ FCRegSvc ]
Function Discovery Provider Host [ fdPHost ]
Function Discovery Resource Publication [ FDResPub ]
Windows Font Cache Service [ FontCache ]
Human Interface Device Access [ hidserv ]
Health Key and Certificate Management [ hkmsvc ]
PnP-X IP Bus Enumerator [ IPBusEnum ]
CNG Key Isolation [ KeyIso ]
KtmRm for Distributed Transaction Coordinator [ KtmRm ]
Link-Layer Topology Discovery Mapper [ lltdsvc ]
Multimedia Class Scheduler [ MMCSS ]
Distributed Transaction Coordinator [ MSDTC ]
Microsoft iSCSI Initiator Service [ MSiSCSI ]
Windows Installer [ msiserver ]
Network Access Protection Agent [ napagent ]
Netlogon [ Netlogon ]
Net.Msmq Listener Adapter [ NetMsmqActivator ]
Net.Pipe Listener Adapter [ NetPipeActivator ]
Net.Tcp Listener Adapter [ NetTcpActivator ]
Net.Tcp Port Sharing Service [ NetTcpPortSharing ]
OpenSSH Server [ OpenSSHd ]
Performance Counter DLL Host [ PerfHost ]
Performance Logs & Alerts [ pla ]
Protected Storage [ ProtectedStorage ]
Remote Access Auto Connection Manager [ RasAuto ]
Remote Access Connection Manager [ RasMan ]
Routing and Remote Access [ RemoteAccess ]
Remote Procedure Call (RPC) Locator [ RpcLocator ]
Resultant Set of Policy Provider [ RSoPProv ]
Special Administration Console Helper [ sacsvr ]
Smart Card [ SCardSvr ]
Smart Card Removal Policy [ SCPolicySvc ]
Secondary Logon [ seclogon ]
Internet Connection Sharing (ICS) [ SharedAccess ]
SNMP Trap [ SNMPTRAP ]
SPP Notification Service [ sppuinotify ]
SSDP Discovery [ SSDPSRV ]
Secure Socket Tunneling Protocol Service [ SstpSvc ]
Microsoft Software Shadow Copy Provider [ swprv ]
Telephony [ TapiSrv ]
TPM Base Services [ TBS ]
Thread Ordering Server [ THREADORDER ]
Apache Tomcat 8.0 Tomcat8 [ Tomcat8 ]
Interactive Services Detection [ UI0Detect ]
UPnP Device Host [ upnphost ]
Credential Manager [ VaultSvc ]
VirtualBox Guest Additions Service [ VBoxService ]
Virtual Disk [ vds ]
Volume Shadow Copy [ VSS ]
Windows Time [ W32Time ]
Windows Color System [ WcsPlugInService ]
Diagnostic Service Host [ WdiServiceHost ]
Diagnostic System Host [ WdiSystemHost ]
Windows Event Collector [ Wecsvc ]
Problem Reports and Solutions Control Panel Support [ wercplsupport ]
WMI Performance Adapter [ wmiApSrv ]
Windows Update [ wuauserv ]
Windows Driver Foundation - User-mode Driver Framework [ wudfsvc ]

92373 - Microsoft Windows SMB Sessions
Synopsis
Nessus was able to collect and report SMB session information from the remote host.
Description
Nessus was able to collect details of SMB sessions from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2026/02/09
Plugin Output

tcp/0

vagrant

Extended SMB session information attached.

23974 - Microsoft Windows SMB Share Hosting Office Files
Synopsis
The remote share contains Office-related files.
Description
This plugin connects to the remotely accessible SMB shares and attempts to find Office-related files (such as .doc, .ppt, .xls, .pdf, etc.).
Solution
Make sure that the files containing confidential information have proper access controls set on them.
Risk Factor
None
Plugin Information
Published: 2007/01/04, Modified: 2011/03/21
Plugin Output

tcp/445/cifs


Here is a list of office files which have been found on the remote SMB
shares :

+ C$ :

- \manageengine\desktopcentral_server\licenses\license_trayicon.doc
- \users\public\documents\jack_of_hearts.docx

10396 - Microsoft Windows SMB Shares Access
Synopsis
It is possible to access a network share.
Description
The remote host has one or more Windows shares that can be accessed through the network with the given credentials.

Depending on the share rights, it may allow an attacker to read / write confidential data.
Solution
To restrict access under Windows, open Explorer, right-click each share, go to the 'sharing' tab, and click 'permissions'.
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2021/10/04
Plugin Output

tcp/445/cifs


The following shares can be accessed as vagrant :

- ADMIN$ - (readable,writable)
+ Content of this share :
..
AppCompat
AppPatch
assembly
bfsvc.exe
Boot
bootstat.dat
Branding
Cursors
debug
diagerr.xml
diagnostics
diagwrn.xml
DigitalLocker
Downloaded Program Files
DtcInstall.log
en-US
explorer.exe
Fonts
fveupdate.exe
Globalization
Help
HelpPane.exe
hh.exe
IME
inf
Installer
L2Schemas
LiveKernelReports
Logs
Media
mib.bin
Microsoft.NET
Migration
ModemLogs
msdfmap.ini
Offline Web Pages
Panther
PFRO.log
PLA
PolicyDefinitions
regedit.exe
Registration
RemotePackages
rescache
Resources
SchCache
schemas
security
securitynew.sdb
ServerStandard.xml
ServerWeb.xml
ServiceProfiles
servicing
Setup
setupact.log
setuperr.log
SoftwareDistribution
Speech
splwow64.exe
SysMsiCache
system
system.ini
System32
SysWOW64
TAPI
Tasks
Temp
three_of_spades.png
tracing
TSSysprep.log
Vss
Web
win.ini
WindowsShell.Manifest
WindowsUpdate.log
winhlp32.exe
winsxs
write.exe

- C$ - (readable,writable)
+ Content of this share :
Boot
bootmgr
BOOTSECT.BAK
Documents and Settings
glassfish
jack_of_diamonds.png
java0.log
java1.log
java2.log
ManageEngine
openjdk6
pagefile.sys
PerfLogs
Program Files
Program Files (x86)
ProgramData
Recovery
System Volume Information
tools
Users
wamp
Windows
__Argon__.tmp

10395 - Microsoft Windows SMB Shares Enumeration
Synopsis
It is possible to enumerate remote network shares.
Description
By connecting to the remote host, Nessus was able to enumerate the network share names.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Here are the SMB shares available on the remote host when logged in as vagrant:

- ADMIN$
- C$
- IPC$

100871 - Microsoft Windows SMB Versions Supported (remote check)
Synopsis
It was possible to obtain information about the version of SMB running on the remote host.
Description
Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445.

Note that this plugin is a remote check and does not work on agents.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2017/06/19, Modified: 2019/11/22
Plugin Output

tcp/445/cifs


The remote host supports the following versions of SMB :
SMBv1
SMBv2

106716 - Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
Synopsis
It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host.
Description
Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2018/02/09, Modified: 2020/03/11
Plugin Output

tcp/445/cifs


The remote host supports the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7

The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.0 Windows 8
3.0.2 Windows 8.1
3.1 Windows 10
3.1.1 Windows 10

92368 - Microsoft Windows Scripting Host Settings
Synopsis
Nessus was able to collect and report the Windows scripting host settings from the remote host.
Description
Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1

Windows scripting host configuration attached.

200493 - Microsoft Windows Start Menu Software Version Enumeration
Synopsis
Enumerates Start Menu software versions.
Description
This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version.

Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2024/06/13, Modified: 2026/01/20
Plugin Output

tcp/445/cifs

The following software information is available on the remote host :

- 7-Zip File Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\7-Zip\7-Zip File Manager.lnk
Target : C:\Program Files\7-Zip\7zFM.exe
Version : 16.4.0.0

- 7-Zip Help.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\7-Zip\7-Zip Help.lnk
Target : C:\Program Files\7-Zip\7-zip.chm
Version : unknown

- Calculator.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Calculator.lnk
Target : C:\Windows\system32\calc.exe
Version : 6.1.7600.16385

- displayswitch.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\displayswitch.lnk
Target : C:\Windows\system32\displayswitch.exe
Version : 6.1.7600.16385

- Paint.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Paint.lnk
Target : C:\Windows\system32\mspaint.exe
Version : 6.1.7600.16385

- Remote Desktop Connection.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Remote Desktop Connection.lnk
Target : C:\Windows\system32\mstsc.exe
Version : 6.1.7601.17514

- Wordpad.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Wordpad.lnk
Target : C:\Program Files\Windows NT\Accessories\wordpad.exe
Version : 6.1.7601.17514

- dfrgui.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\System Tools\dfrgui.lnk
Target : C:\Windows\system32\dfrgui.exe
Version : 6.1.7601.17514

- Resource Monitor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\System Tools\Resource Monitor.lnk
Target : C:\Windows\system32\perfmon.exe
Version : 6.1.7601.17514

- System Information.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\System Tools\System Information.lnk
Target : C:\Windows\system32\msinfo32.exe
Version : 6.1.7601.17514

- Task Scheduler.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\System Tools\Task Scheduler.lnk
Target : C:\Windows\system32\taskschd.msc
Version : unknown

- Windows Server Backup.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\System Tools\Windows Server Backup.lnk
Target : C:\Windows\system32\wbadmin.msc
Version : unknown

- Windows PowerShell (x86).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk
Target : C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Version : 10.0.10586.117

- Windows PowerShell ISE (x86).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk
Target : C:\Windows\sysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe
Version : 10.0.10586.117

- Windows PowerShell ISE.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
Target : C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe
Version : 10.0.10586.117

- Windows PowerShell.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Windows PowerShell\Windows PowerShell.lnk
Target : C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Version : 10.0.10586.117

- Component Services.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Component Services.lnk
Target : C:\Windows\system32\comexp.msc
Version : unknown

- Computer Management.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Computer Management.lnk
Target : C:\Windows\system32\compmgmt.msc
Version : unknown

- Data Sources (ODBC).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Data Sources (ODBC).lnk
Target : C:\Windows\system32\odbcad32.exe
Version : 6.1.7600.16385

- Event Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Event Viewer.lnk
Target : C:\Windows\system32\eventvwr.msc
Version : unknown

- iSCSI Initiator.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\iSCSI Initiator.lnk
Target : C:\Windows\system32\iscsicpl.exe
Version : 6.1.7600.16385

- Memory Diagnostics Tool.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Memory Diagnostics Tool.lnk
Target : C:\Windows\system32\MdSched.exe
Version : 6.1.7601.17514

- Performance Monitor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Performance Monitor.lnk
Target : C:\Windows\system32\perfmon.msc
Version : unknown

- Security Configuration Management.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Security Configuration Management.lnk
Target : C:\Windows\system32\secpol.msc
Version : unknown

- Security Configuration Wizard.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Security Configuration Wizard.lnk
Target : C:\Windows\system32\scw.exe
Version : 6.1.7601.17514

- Server Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Server Manager.lnk
Target : C:\Windows\system32\ServerManager.msc
Version : unknown

- services.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\services.lnk
Target : C:\Windows\system32\services.msc
Version : unknown

- Share and Storage Management.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Share and Storage Management.lnk
Target : C:\Windows\system32\StorageMgmt.msc
Version : unknown

- Storage Explorer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Storage Explorer.lnk
Target : C:\Windows\system32\mmc.exe
Version : 6.1.7600.16385

- System Configuration.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\System Configuration.lnk
Target : C:\Windows\system32\msconfig.exe
Version : 6.1.7601.17514

- Task Scheduler.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Task Scheduler.lnk
Target : C:\Windows\system32\taskschd.msc
Version : unknown

- Windows Firewall with Advanced Security.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Windows Firewall with Advanced Security.lnk
Target : C:\Windows\system32\WF.msc
Version : unknown

- Windows Server Backup.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Windows Server Backup.lnk
Target : C:\Windows\system32\wbadmin.msc
Version : unknown

- Remote Desktops.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Terminal Services\Remote Desktops.lnk
Target : C:\Windows\system32\tsmmc.msc
Version : unknown

- Terminal Services Configuration.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Terminal Services\Terminal Services Configuration.lnk
Target : C:\Windows\system32\tsconfig.msc
Version : unknown

- Terminal Services Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Terminal Services\Terminal Services Manager.lnk
Target : C:\Windows\system32\tsadmin.msc
Version : unknown

- Boxstarter Shell.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Boxstarter\Boxstarter Shell.lnk
Target : C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Version : 10.0.10586.117

- About Java.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Java\About Java.lnk
Target : C:\Program Files\Java\jre1.8.0_141\bin\javacpl.exe
Version : 11.141.2.15

- Check For Updates.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Java\Check For Updates.lnk
Target : C:\Program Files\Java\jre1.8.0_141\bin\javacpl.exe
Version : 11.141.2.15

- Configure Java.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Java\Configure Java.lnk
Target : C:\Program Files\Java\jre1.8.0_141\bin\javacpl.exe
Version : 11.141.2.15

- Java Mission Control.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Java Development Kit\Java Mission Control.lnk
Target : C:\Program Files\Java\jdk1.8.0_144\bin\jmc.exe
Version : unknown

- Help.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\ManageEngine Desktop Central\Help.lnk
Target : C:\ManageEngine\DesktopCentral_Server\help\index.html
Version : unknown

- ReadMe.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\ManageEngine Desktop Central\ReadMe.lnk
Target : C:\ManageEngine\DesktopCentral_Server\ReadMe.html
Version : unknown

- Update Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\ManageEngine Desktop Central\Update Manager.lnk
Target : C:\ManageEngine\DesktopCentral_Server\bin\UpdateManager.bat
Version : unknown

- OpenSSH for Windows Web Site.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\OpenSSH for Windows\OpenSSH for Windows Web Site.lnk
Target : C:\Program Files\OpenSSH\openssh.url
Version : unknown

- Remove OpenSSH for Windows.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\OpenSSH for Windows\Remove OpenSSH for Windows.lnk
Target : C:\Program Files\OpenSSH\uninstall.exe
Version : 7.1.1.1

- ManageEngine Desktop Central.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Startup\ManageEngine Desktop Central.lnk
Target : C:\ManageEngine\DesktopCentral_Server\bin\DesktopCentral.exe
Version : unknown

- start WampServer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WampServer\start WampServer.lnk
Target : C:\wamp\wampmanager.exe
Version : 1.6.1.33
58452 - Microsoft Windows Startup Software Enumeration
Synopsis
It is possible to enumerate startup software.
Description
This plugin lists software that is configured to run on system startup by crawling the registry entries in :

- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Solution
Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2012/03/23, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


The following startup item was found :

SunJavaUpdateSched - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
VBoxTray - C:\Windows\system32\VBoxTray.exe
38153 - Microsoft Windows Summary of Missing Patches
Synopsis
The remote host is missing several Microsoft security patches.
Description
This plugin summarizes updates for Microsoft Security Bulletins or Knowledge Base (KB) security updates that have not been installed on the remote Windows host based on the results of either a credentialed check using the supplied credentials or a check done using a supported third-party patch management tool.

Note the results of missing patches also include superseded patches.

Review the summary and apply any missing updates in order to be up to date.
Solution
Run Windows Update on the remote host or use a patch management solution.
Risk Factor
None
Plugin Information
Published: 2009/04/24, Modified: 2019/06/13
Plugin Output

tcp/445/cifs

The patches for the following bulletins or KBs are missing on the remote host :

- MS11-003 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-003 )
- MS11-007 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-007 )
- MS11-009 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-009 )
- MS11-012 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-012 )
- MS11-013 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-013 )
- MS11-018 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-018 )
- MS11-019 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-019 )
- MS11-020 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-020 )
- MS11-024 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-024 )
- MS11-026 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-026 )
- MS11-027 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-027 )
- MS11-028 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-028 )
- MS11-030 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-030 )
- MS11-031 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-031 )
- MS11-032 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-032 )
- MS11-034 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-034 )
- MS11-037 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-037 )
- MS11-038 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-038 )
- MS11-039 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-039 )
- MS11-041 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-041 )
- MS11-043 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-043 )
- MS11-044 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-044 )
- MS11-046 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-046 )
- MS11-048 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-048 )
- MS11-050 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-050 )
- MS11-054 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-054 )
- MS11-056 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-056 )
- MS11-057 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-057 )
- MS11-063 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-063 )
- MS11-064 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-064 )
- MS11-068 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-068 )
- MS11-069 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-069 )
- MS11-071 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-071 )
- MS11-075 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-075 )
- MS11-077 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-077 )
- MS11-078 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-078 )
- MS11-081 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-081 )
- MS11-083 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-083 )
- MS11-084 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-084 )
- MS11-085 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-085 )
- MS11-087 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-087 )
- MS11-090 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-090 )
- MS11-097 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-097 )
- MS11-099 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-099 )
- MS11-100 ( http://technet.microsoft.com/en-us/security/bulletin/ms11-100 )
- MS12-001 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-001 )
- MS12-004 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-004 )
- MS12-005 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-005 )
- MS12-006 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-006 )
- MS12-008 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-008 )
- MS12-009 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-009 )
- MS12-010 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-010 )
- MS12-012 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-012 )
- MS12-013 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-013 )
- MS12-016 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-016 )
- MS12-018 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-018 )
- MS12-020 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-020 )
- MS12-023 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-023 )
- MS12-024 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-024 )
- MS12-025 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-025 )
- MS12-032 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-032 )
- MS12-033 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-033 )
- MS12-034 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-034 )
- MS12-035 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-035 )
- MS12-036 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-036 )
- MS12-037 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-037 )
- MS12-038 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-038 )
- MS12-041 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-041 )
- MS12-042 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-042 )
- MS12-043 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-043 )
- MS12-045 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-045 )
- MS12-047 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-047 )
- MS12-048 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-048 )
- MS12-049 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-049 )
- MS12-052 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-052 )
- MS12-054 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-054 )
- MS12-055 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-055 )
- MS12-056 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-056 )
- MS12-063 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-063 )
- MS12-068 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-068 )
- MS12-069 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-069 )
- MS12-074 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-074 )
- MS12-075 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-075 )
- MS12-077 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-077 )
- MS12-078 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-078 )
- MS12-081 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-081 )
- MS12-082 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-082 )
- MS12-083 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-083 )
- MS13-001 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-001 )
- MS13-002 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-002 )
- MS13-004 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-004 )
- MS13-005 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-005 )
- MS13-008 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-008 )
- MS13-015 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-015 )
- MS13-016 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-016 )
- MS13-017 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-017 )
- MS13-018 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-018 )
- MS13-019 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-019 )
- MS13-021 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-021 )
- MS13-027 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-027 )
- MS13-028 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-028 )
- MS13-029 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-029 )
- MS13-031 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-031 )
- MS13-036 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-036 )
- MS13-037 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-037 )
- MS13-038 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-038 )
- MS13-040 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-040 )
- MS13-046 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-046 )
- MS13-047 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-047 )
- MS13-049 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-049 )
- MS13-050 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-050 )
- MS13-052 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-052 )
- MS13-053 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-053 )
- MS13-054 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-054 )
- MS13-055 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-055 )
- MS13-059 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-059 )
- MS13-062 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-062 )
- MS13-063 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-063 )
- MS13-065 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-065 )
- MS13-069 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-069 )
- MS13-076 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-076 )
- MS13-077 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-077 )
- MS13-080 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-080 )
- MS13-081 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-081 )
- MS13-082 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-082 )
- MS13-083 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-083 )
- MS13-088 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-088 )
- MS13-089 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-089 )
- MS13-090 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-090 )
- MS13-093 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-093 )
- MS13-095 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-095 )
- MS13-097 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-097 )
- MS13-098 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-098 )
- MS13-099 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-099 )
- MS13-101 ( http://technet.microsoft.com/en-us/security/bulletin/ms13-101 )
- MS14-003 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-003 )
- MS14-005 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-005 )
- MS14-009 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-009 )
- MS14-010 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-010 )
- MS14-011 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-011 )
- MS14-012 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-012 )
- MS14-015 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-015 )
- MS14-018 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-018 )
- MS14-019 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-019 )
- MS14-021 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-021 )
- MS14-026 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-026 )
- MS14-027 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-027 )
- MS14-029 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-029 )
- MS14-031 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-031 )
- MS14-033 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-033 )
- MS14-035 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-035 )
- MS14-036 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-036 )
- MS14-037 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-037 )
- MS14-039 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-039 )
- MS14-040 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-040 )
- MS14-045 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-045 )
- MS14-046 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-046 )
- MS14-047 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-047 )
- MS14-049 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-049 )
- MS14-051 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-051 )
- MS14-052 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-052 )
- MS14-053 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-053 )
- MS14-056 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-056 )
- MS14-057 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-057 )
- MS14-058 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-058 )
- MS14-060 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-060 )
- MS14-064 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-064 )
- MS14-065 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-065 )
- MS14-066 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-066 )
- MS14-067 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-067 )
- MS14-068 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-068 )
- MS14-071 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-071 )
- MS14-072 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-072 )
- MS14-074 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-074 )
- MS14-078 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-078 )
- MS14-079 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-079 )
- MS14-080 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-080 )
- MS14-084 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-084 )
- MS14-085 ( http://technet.microsoft.com/en-us/security/bulletin/ms14-085 )
- MS15-001 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-001 )
- MS15-003 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-003 )
- MS15-004 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-004 )
- MS15-005 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-005 )
- MS15-007 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-007 )
- MS15-009 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-009 )
- MS15-010 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-010 )
- MS15-014 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-014 )
- MS15-015 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-015 )
- MS15-016 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-016 )
- MS15-018 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-018 )
- MS15-020 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-020 )
- MS15-021 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-021 )
- MS15-023 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-023 )
- MS15-024 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-024 )
- MS15-025 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-025 )
- MS15-028 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-028 )
- MS15-029 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-029 )
- MS15-031 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-031 )
- MS15-032 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-032 )
- MS15-034 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-034 )
- MS15-035 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-035 )
- MS15-038 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-038 )
- MS15-039 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-039 )
- MS15-041 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-041 )
- MS15-043 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-043 )
- MS15-044 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-044 )
- MS15-048 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-048 )
- MS15-050 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-050 )
- MS15-051 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-051 )
- MS15-054 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-054 )
- MS15-055 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-055 )
- MS15-056 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-056 )
- MS15-060 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-060 )
- MS15-061 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-061 )
- MS15-065 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-065 )
- MS15-072 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-072 )
- MS15-073 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-073 )
- MS15-074 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-074 )
- MS15-075 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-075 )
- MS15-076 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-076 )
- MS15-077 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-077 )
- MS15-078 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-078 )
- MS15-079 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-079 )
- MS15-080 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-080 )
- MS15-082 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-082 )
- MS15-084 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-084 )
- MS15-085 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-085 )
- MS15-088 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-088 )
- MS15-090 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-090 )
- MS15-093 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-093 )
- MS15-094 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-094 )
- MS15-096 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-096 )
- MS15-097 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-097 )
- MS15-101 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-101 )
- MS15-102 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-102 )
- MS15-106 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-106 )
- MS15-109 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-109 )
- MS15-111 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-111 )
- MS15-112 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-112 )
- MS15-115 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-115 )
- MS15-117 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-117 )
- MS15-118 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-118 )
- MS15-119 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-119 )
- MS15-121 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-121 )
- MS15-122 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-122 )
- MS15-124 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-124 )
- MS15-128 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-128 )
- MS15-130 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-130 )
- MS15-132 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-132 )
- MS15-133 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-133 )
- MS15-135 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-135 )
- MS16-001 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-001 )
- MS16-005 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-005 )
- MS16-007 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-007 )
- MS16-008 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-008 )
- MS16-014 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-014 )
- MS16-018 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-018 )
- MS16-019 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-019 )
- MS16-021 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-021 )
- MS16-026 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-026 )
- MS16-030 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-030 )
- MS16-031 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-031 )
- MS16-032 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-032 )
- MS16-033 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-033 )
- MS16-034 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-034 )
- MS16-035 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-035 )
- MS16-039 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-039 )
- MS16-040 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-040 )
- MS16-044 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-044 )
- MS16-047 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-047 )
- MS16-055 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-055 )
- MS16-060 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-060 )
- MS16-061 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-061 )
- MS16-062 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-062 )
- MS16-063 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-063 )
- MS16-072 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-072 )
- MS16-073 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-073 )
- MS16-074 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-074 )
- MS16-075 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-075 )
- MS16-076 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-076 )
- MS16-077 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-077 )
- MS16-082 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-082 )
- MS16-087 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-087 )
- MS16-090 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-090 )
- MS16-097 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-097 )
- MS16-098 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-098 )
- MS16-101 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-101 )
- MS16-106 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-106 )
- MS16-111 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-111 )
- MS16-114 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-114 )
- MS16-116 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-116 )
- MS16-118 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-118 )
- MS16-120 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-120 )
- MS16-123 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-123 )
- MS16-124 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-124 )
- MS16-126 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-126 )
- MS16-130 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-130 )
- MS16-132 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-132 )
- MS16-134 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-134 )
- MS16-135 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-135 )
- MS16-137 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-137 )
- MS16-139 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-139 )
- MS16-142 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-142 )
- MS16-144 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-144 )
- MS16-146 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-146 )
- MS16-147 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-147 )
- MS16-149 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-149 )
- MS16-151 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-151 )
- MS16-153 ( http://technet.microsoft.com/en-us/security/bulletin/ms16-153 )
- MS17-004 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-004 )
- MS17-010 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-010 )
- MS17-011 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-011 )
- MS17-012 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-012 )
- MS17-013 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-013 )
- MS17-016 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-016 )
- MS17-017 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-017 )
- MS17-018 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-018 )
- MS17-021 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-021 )
- MS17-022 ( http://technet.microsoft.com/en-us/security/bulletin/ms17-022 )
- KB4015546 ( https://support.microsoft.com/en-us/help/4015546 )
- KB4015549 ( https://support.microsoft.com/en-us/help/4015549 )
- KB4019263 ( https://support.microsoft.com/en-us/help/4019263 )
- KB4019264 ( https://support.microsoft.com/en-us/help/4019264 )
- KB4022719 ( https://support.microsoft.com/en-us/help/4022719 )
- KB4022722 ( https://support.microsoft.com/en-us/help/4022722 )
- KB4036586 ( https://support.microsoft.com/en-us/help/4036586 )
- KB4025337 ( https://support.microsoft.com/en-us/help/4025337 )
- KB4025341 ( https://support.microsoft.com/en-us/help/4025341 )
- KB4034664 ( https://support.microsoft.com/en-us/help/4034664 )
- KB4034679 ( https://support.microsoft.com/en-us/help/4034679 )
- KB4038777 ( https://support.microsoft.com/en-us/help/4038777 )
- KB4038779 ( https://support.microsoft.com/en-us/help/4038779 )
- KB4041678 ( https://support.microsoft.com/en-us/help/4041678 )
- KB4041681 ( https://support.microsoft.com/en-us/help/4041681 )
- KB4048957 ( https://support.microsoft.com/en-us/help/4048957 )
- KB4048960 ( https://support.microsoft.com/en-us/help/4048960 )
- KB4054518 ( https://support.microsoft.com/en-us/help/4054518 )
- KB4054521 ( https://support.microsoft.com/en-us/help/4054521 )
- KB4056894 ( https://support.microsoft.com/en-us/help/4056894 )
- KB4056897 ( https://support.microsoft.com/en-us/help/4056897 )
- KB4074587 ( https://support.microsoft.com/en-us/help/4074587 )
- KB4074598 ( https://support.microsoft.com/en-us/help/4074598 )
- KB4088875 ( https://support.microsoft.com/en-us/help/4088875 )
- KB4088878 ( https://support.microsoft.com/en-us/help/4088878 )
- KB4100480 ( https://support.microsoft.com/en-us/help/4100480 )
- KB4093108 ( https://support.microsoft.com/en-us/help/4093108 )
- KB4093118 ( https://support.microsoft.com/en-us/help/4093118 )
- KB4103712 ( https://support.microsoft.com/en-us/help/4103712 )
- KB4103718 ( https://support.microsoft.com/en-us/help/4103718 )
- KB4284826 ( https://support.microsoft.com/en-us/help/4284826 )
- KB4284867 ( https://support.microsoft.com/en-us/help/4284867 )
- KB4338818 ( https://support.microsoft.com/en-us/help/4338818 )
- KB4338823 ( https://support.microsoft.com/en-us/help/4338823 )
- KB4343899 ( https://support.microsoft.com/en-us/help/4343899 )
- KB4343900 ( https://support.microsoft.com/en-us/help/4343900 )
- KB4457144 ( https://support.microsoft.com/en-us/help/4457144 )
- KB4457145 ( https://support.microsoft.com/en-us/help/4457145 )
- KB4462915 ( https://support.microsoft.com/en-us/help/4462915 )
- KB4462923 ( https://support.microsoft.com/en-us/help/4462923 )
- KB4467106 ( https://support.microsoft.com/en-us/help/4467106 )
- KB4467107 ( https://support.microsoft.com/en-us/help/4467107 )
- KB4471318 ( https://support.microsoft.com/en-us/help/4471318 )
- KB4471328 ( https://support.microsoft.com/en-us/help/4471328 )
- KB4480960 ( https://support.microsoft.com/en-us/help/4480960 )
- KB4480970 ( https://support.microsoft.com/en-us/help/4480970 )
- KB4486563 ( https://support.microsoft.com/en-us/help/4486563 )
- KB4486564 ( https://support.microsoft.com/en-us/help/4486564 )
- KB4489878 ( https://support.microsoft.com/en-us/help/4489878 )
- KB4489885 ( https://support.microsoft.com/en-us/help/4489885 )
- KB4493448 ( https://support.microsoft.com/en-us/help/4493448 )
- KB4493472 ( https://support.microsoft.com/en-us/help/4493472 )
- KB4499164 ( https://support.microsoft.com/en-us/help/4499164 )
- KB4499175 ( https://support.microsoft.com/en-us/help/4499175 )
- KB4503269 ( https://support.microsoft.com/en-us/help/4503269 )
- KB4503292 ( https://support.microsoft.com/en-us/help/4503292 )
- KB4507449 ( https://support.microsoft.com/en-us/help/4507449 )
- KB4507456 ( https://support.microsoft.com/en-us/help/4507456 )
- KB4512486 ( https://support.microsoft.com/en-us/help/4512486 )
- KB4512506 ( https://support.microsoft.com/en-us/help/4512506 )
- KB4516033 ( https://support.microsoft.com/en-us/help/4516033 )
- KB4516065 ( https://support.microsoft.com/en-us/help/4516065 )
- KB4519976 ( https://support.microsoft.com/en-us/help/4519976 )
- KB4520003 ( https://support.microsoft.com/en-us/help/4520003 )
- KB4525233 ( https://support.microsoft.com/en-us/help/4525233 )
- KB4525235 ( https://support.microsoft.com/en-us/help/4525235 )
- KB4530692 ( https://support.microsoft.com/en-us/help/4530692 )
- KB4530734 ( https://support.microsoft.com/en-us/help/4530734 )
- KB4534310 ( https://support.microsoft.com/en-us/help/4534310 )
- KB4534314 ( https://support.microsoft.com/en-us/help/4534314 )
- KB4537813 ( https://support.microsoft.com/en-us/help/4537813 )
- KB4537820 ( https://support.microsoft.com/en-us/help/4537820 )
- KB4540688 ( https://support.microsoft.com/en-us/help/4540688 )
- KB4541500 ( https://support.microsoft.com/en-us/help/4541500 )
- KB4550964 ( https://support.microsoft.com/en-us/help/4550964 )
- KB4550965 ( https://support.microsoft.com/en-us/help/4550965 )
- KB4556836 ( https://support.microsoft.com/en-us/help/4556836 )
- KB4556843 ( https://support.microsoft.com/en-us/help/4556843 )
- KB4561643 ( https://support.microsoft.com/en-us/help/4561643 )
- KB4561669 ( https://support.microsoft.com/en-us/help/4561669 )
- KB4565524 ( https://support.microsoft.com/en-us/help/4565524 )
- KB4565539 ( https://support.microsoft.com/en-us/help/4565539 )
- KB4571719 ( https://support.microsoft.com/en-us/help/4571719 )
- KB4571729 ( https://support.microsoft.com/en-us/help/4571729 )
- KB4577051 ( https://support.microsoft.com/en-us/help/4577051 )
- KB4577053 ( https://support.microsoft.com/en-us/help/4577053 )
- KB4580345 ( https://support.microsoft.com/en-us/help/4580345 )
- KB4580387 ( https://support.microsoft.com/en-us/help/4580387 )
- KB4586805 ( https://support.microsoft.com/en-us/help/4586805 )
- KB4586827 ( https://support.microsoft.com/en-us/help/4586827 )
- KB4592471 ( https://support.microsoft.com/en-us/help/4592471 )
- KB4592503 ( https://support.microsoft.com/en-us/help/4592503 )
- KB4598279 ( https://support.microsoft.com/en-us/help/4598279 )
- KB4598289 ( https://support.microsoft.com/en-us/help/4598289 )
- KB4601347 ( https://support.microsoft.com/en-us/help/4601347 )
- KB4601363 ( https://support.microsoft.com/en-us/help/4601363 )
- KB5000841 ( https://support.microsoft.com/en-us/help/5000841 )
- KB5000851 ( https://support.microsoft.com/en-us/help/5000851 )
- KB5001335 ( https://support.microsoft.com/en-us/help/5001335 )
- KB5001392 ( https://support.microsoft.com/en-us/help/5001392 )
- KB5003228 ( https://support.microsoft.com/en-us/help/5003228 )
- KB5003233 ( https://support.microsoft.com/en-us/help/5003233 )
- KB5003667 ( https://support.microsoft.com/en-us/help/5003667 )
- KB5003694 ( https://support.microsoft.com/en-us/help/5003694 )
- KB5004289 ( https://support.microsoft.com/en-us/help/5004289 )
- KB5004307 ( https://support.microsoft.com/en-us/help/5004307 )
- KB5004951 ( https://support.microsoft.com/en-us/help/5004951 )
- KB5005088 ( https://support.microsoft.com/en-us/help/5005088 )
- KB5005089 ( https://support.microsoft.com/en-us/help/5005089 )
- KB5005615 ( https://support.microsoft.com/en-us/help/5005615 )
- KB5005633 ( https://support.microsoft.com/en-us/help/5005633 )
- KB5006728 ( https://support.microsoft.com/en-us/help/5006728 )
- KB5006743 ( https://support.microsoft.com/en-us/help/5006743 )
- KB5007233 ( https://support.microsoft.com/en-us/help/5007233 )
- KB5007236 ( https://support.microsoft.com/en-us/help/5007236 )
- KB5008244 ( https://support.microsoft.com/en-us/help/5008244 )
- KB5008282 ( https://support.microsoft.com/en-us/help/5008282 )
- KB5009610 ( https://support.microsoft.com/en-us/help/5009610 )
- KB5009621 ( https://support.microsoft.com/en-us/help/5009621 )
- KB5010404 ( https://support.microsoft.com/en-us/help/5010404 )
- KB5010422 ( https://support.microsoft.com/en-us/help/5010422 )
- KB5011529 ( https://support.microsoft.com/en-us/help/5011529 )
- KB5011552 ( https://support.microsoft.com/en-us/help/5011552 )
- KB5012626 ( https://support.microsoft.com/en-us/help/5012626 )
- KB5012649 ( https://support.microsoft.com/en-us/help/5012649 )
- KB5013999 ( https://support.microsoft.com/en-us/help/5013999 )
- KB5014012 ( https://support.microsoft.com/en-us/help/5014012 )
- KB5014742 ( https://support.microsoft.com/en-us/help/5014742 )
- KB5014748 ( https://support.microsoft.com/en-us/help/5014748 )
- KB5015861 ( https://support.microsoft.com/en-us/help/5015861 )
- KB5015862 ( https://support.microsoft.com/en-us/help/5015862 )
- KB5016676 ( https://support.microsoft.com/en-us/help/5016676 )
- KB5016679 ( https://support.microsoft.com/en-us/help/5016679 )
- KB5017361 ( https://support.microsoft.com/en-us/help/5017361 )
- KB5017373 ( https://support.microsoft.com/en-us/help/5017373 )
- KB5018454 ( https://support.microsoft.com/en-us/help/5018454 )
- KB5018479 ( https://support.microsoft.com/en-us/help/5018479 )
- KB5020000 ( https://support.microsoft.com/en-us/help/5020000 )
- KB5020013 ( https://support.microsoft.com/en-us/help/5020013 )
- KB5021288 ( https://support.microsoft.com/en-us/help/5021288 )
- KB5021291 ( https://support.microsoft.com/en-us/help/5021291 )
- KB5022338 ( https://support.microsoft.com/en-us/help/5022338 )
- KB5022339 ( https://support.microsoft.com/en-us/help/5022339 )
- KB5022872 ( https://support.microsoft.com/en-us/help/5022872 )
- KB5022874 ( https://support.microsoft.com/en-us/help/5022874 )
- KB5023759 ( https://support.microsoft.com/en-us/help/5023759 )
- KB5023769 ( https://support.microsoft.com/en-us/help/5023769 )
- KB5025277 ( https://support.microsoft.com/en-us/help/5025277 )
- KB5025279 ( https://support.microsoft.com/en-us/help/5025279 )
- KB5026413 ( https://support.microsoft.com/en-us/help/5026413 )
- KB5026426 ( https://support.microsoft.com/en-us/help/5026426 )
- KB5027256 ( https://support.microsoft.com/en-us/help/5027256 )
- KB5027275 ( https://support.microsoft.com/en-us/help/5027275 )
- KB5028224 ( https://support.microsoft.com/en-us/help/5028224 )
- KB5028240 ( https://support.microsoft.com/en-us/help/5028240 )
- KB5029296 ( https://support.microsoft.com/en-us/help/5029296 )
- KB5029307 ( https://support.microsoft.com/en-us/help/5029307 )
- KB5030261 ( https://support.microsoft.com/en-us/help/5030261 )
- KB5030265 ( https://support.microsoft.com/en-us/help/5030265 )
- KB5031408 ( https://support.microsoft.com/en-us/help/5031408 )
- KB5031441 ( https://support.microsoft.com/en-us/help/5031441 )
- KB5032250 ( https://support.microsoft.com/en-us/help/5032250 )
- KB5032252 ( https://support.microsoft.com/en-us/help/5032252 )
- KB5033424 ( https://support.microsoft.com/en-us/help/5033424 )
- KB5033433 ( https://support.microsoft.com/en-us/help/5033433 )
- KB5034167 ( https://support.microsoft.com/en-us/help/5034167 )
- KB5034169 ( https://support.microsoft.com/en-us/help/5034169 )
- KB5034809 ( https://support.microsoft.com/en-us/help/5034809 )
- KB5034831 ( https://support.microsoft.com/en-us/help/5034831 )
- KB5035888 ( https://support.microsoft.com/en-us/help/5035888 )
- KB5035919 ( https://support.microsoft.com/en-us/help/5035919 )
- KB5036922 ( https://support.microsoft.com/en-us/help/5036922 )
- KB5036967 ( https://support.microsoft.com/en-us/help/5036967 )
- KB5037780 ( https://support.microsoft.com/en-us/help/5037780 )
- KB5037803 ( https://support.microsoft.com/en-us/help/5037803 )
- KB5039274 ( https://support.microsoft.com/en-us/help/5039274 )
- KB5039289 ( https://support.microsoft.com/en-us/help/5039289 )
- KB5040497 ( https://support.microsoft.com/en-us/help/5040497 )
- KB5040498 ( https://support.microsoft.com/en-us/help/5040498 )
- KB5041823 ( https://support.microsoft.com/en-us/help/5041823 )
- KB5041838 ( https://support.microsoft.com/en-us/help/5041838 )
- KB5043092 ( https://support.microsoft.com/en-us/help/5043092 )
- KB5043129 ( https://support.microsoft.com/en-us/help/5043129 )
- KB5044321 ( https://support.microsoft.com/en-us/help/5044321 )
- KB5044356 ( https://support.microsoft.com/en-us/help/5044356 )
- KB5046687 ( https://support.microsoft.com/en-us/help/5046687 )
- KB5046705 ( https://support.microsoft.com/en-us/help/5046705 )
- KB5048676 ( https://support.microsoft.com/en-us/help/5048676 )
- KB5048695 ( https://support.microsoft.com/en-us/help/5048695 )
- KB5050006 ( https://support.microsoft.com/en-us/help/5050006 )
- KB5050049 ( https://support.microsoft.com/en-us/help/5050049 )
- KB5052016 ( https://support.microsoft.com/en-us/help/5052016 )
- KB5052032 ( https://support.microsoft.com/en-us/help/5052032 )
- KB5053620 ( https://support.microsoft.com/en-us/help/5053620 )
- KB5053627 ( https://support.microsoft.com/en-us/help/5053627 )
- KB5055561 ( https://support.microsoft.com/en-us/help/5055561 )
- KB5055570 ( https://support.microsoft.com/en-us/help/5055570 )
- KB5058430 ( https://support.microsoft.com/en-us/help/5058430 )
- KB5058454 ( https://support.microsoft.com/en-us/help/5058454 )
- KB5061036 ( https://support.microsoft.com/en-us/help/5061036 )
- KB5061078 ( https://support.microsoft.com/en-us/help/5061078 )
- KB5062619 ( https://support.microsoft.com/en-us/help/5062619 )
- KB5062632 ( https://support.microsoft.com/en-us/help/5062632 )
- KB5063927 ( https://support.microsoft.com/en-us/help/5063927 )
- KB5063947 ( https://support.microsoft.com/en-us/help/5063947 )
- KB5065468 ( https://support.microsoft.com/en-us/help/5065468 )
- KB5065510 ( https://support.microsoft.com/en-us/help/5065510 )
- KB5066872 ( https://support.microsoft.com/en-us/help/5066872 )
- KB5066876 ( https://support.microsoft.com/en-us/help/5066876 )
- KB5068904 ( https://support.microsoft.com/en-us/help/5068904 )
- KB5068908 ( https://support.microsoft.com/en-us/help/5068908 )
- KB5071501 ( https://support.microsoft.com/en-us/help/5071501 )
- KB5071506 ( https://support.microsoft.com/en-us/help/5071506 )
- KB5073695 ( https://support.microsoft.com/en-us/help/5073695 )
- KB5073699 ( https://support.microsoft.com/en-us/help/5073699 )

92369 - Microsoft Windows Time Zone Information
Synopsis
Nessus was able to collect and report time zone information from the remote host.
Description
Nessus was able to collect time zone information from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2023/06/06
Plugin Output

tcp/0

HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : Pacific Standard Time
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-212
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-211
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0x000001E0
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias : 0x000001E0
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000300020002000000000000000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000b00010002000000000000000000

10719 - MySQL Server Detection
Synopsis
A database server is listening on the remote port.
Description
The remote host is running MySQL, an open source database server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0802
Plugin Information
Published: 2001/08/13, Modified: 2025/09/24
Plugin Output

tcp/3306/mysql


Service : mysql
Version : unknown

147021 - MySQL Server Installed (Windows)
Synopsis
MySQL Database Server is installed on the remote Windows host.
Description
MySQL Server, an open-source relational database, is installed on the remote Windows host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/03/04, Modified: 2026/01/20
Plugin Output

tcp/0


Path : c:\wamp\bin\mysql\mysql5.5.20\bin\
Version : 5.5.20.0

19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time.
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2025/10/29
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.11.2
Nessus build : 20042
Plugin feed version : 202602110122
Scanner edition used : Nessus
Scanner OS : LINUX
Scanner distribution : es9-x86-64
Scan type : Normal
Scan name : Proyecto4_CajaBlanca
Scan policy used : Basic Network Scan
Scanner IP : 192.168.122.1
Port scanner(s) : wmi_netstat
Port range : default
Ping RTT : 52.878 ms
Thorough tests : no
Experimental tests : no
Scan for Unpatched Vulnerabilities : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as '192.168.122.168\vagrant' via SMB
Patch management checks : None
Display superseded patches : yes (supersedence plugin did not launch)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2026/2/11 20:27 CET (UTC +01:00)
Scan duration : 1770 sec
Scan for malware : no

64582 - Netstat Connection Information
Synopsis
Nessus was able to parse the results of the 'netstat' command on the remote host.
Description
The remote host has listening ports or established connections that Nessus was able to extract from the results of the 'netstat' command.

Note: The output for this plugin can be very long, and is not shown by default. To display it, enable verbose reporting in scan settings.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/02/13, Modified: 2023/05/23
Plugin Output

tcp/0

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/0


Nessus was able to find 48 open ports.

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/135/epmap

Port 135/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

udp/137/netbios-ns

Port 137/udp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

udp/138

Port 138/udp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/139/smb

Port 139/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/445/cifs

Port 445/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

udp/500

Port 500/udp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/1617

Port 1617/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/3000/www

Port 3000/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/3306/mysql

Port 3306/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/3389/msrdp

Port 3389/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/3700/giop

Port 3700/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

udp/4500

Port 4500/udp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/4848

Port 4848/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

udp/5353

Port 5353/udp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

udp/5355/llmnr

Port 5355/udp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/5985/www

Port 5985/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/7676/imqbrokerd

Port 7676/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/8019

Port 8019/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/8020/www

Port 8020/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/8022/www

Port 8022/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/8027

Port 8027/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/8028

Port 8028/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/8031

Port 8031/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/8032

Port 8032/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/8080/www

Port 8080/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/8181

Port 8181/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/8383/www

Port 8383/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/8443

Port 8443/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/8444

Port 8444/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/8484/www

Port 8484/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/8585/www

Port 8585/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/8686

Port 8686/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/9200/elasticsearch

Port 9200/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/9300

Port 9300/tcp was found to be open

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

udp/33848

Port 33848/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/47001/www

Port 47001/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/49152/dce-rpc

Port 49152/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/49153/dce-rpc

Port 49153/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/49154/dce-rpc

Port 49154/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/49175/dce-rpc

Port 49175/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/49176

Port 49176/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/49177

Port 49177/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/49178/dce-rpc

Port 49178/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/49179

Port 49179/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/49205/dce-rpc

Port 49205/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/49236/ssh

Port 49236/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

tcp/49237

Port 49237/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2026/02/09
Plugin Output

udp/54328

Port 54328/udp was found to be open

24272 - Network Interfaces Enumeration (WMI)
-
Synopsis
Nessus was able to obtain the list of network interfaces on the remote host.
Description
Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them.
Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/03, Modified: 2026/01/20
Plugin Output

tcp/0

+ Network Interface Information :

- Network Interface = [00000012] Intel(R) PRO/1000 MT Network Connection
- MAC Address = 52:54:00:64:7E:B3
- IPAddress/IPSubnet = 192.168.122.168/255.255.255.0
- IPAddress/IPSubnet = fe80::8900:cda8:fb3f:e1a1/64


+ Routing Information :

Destination      Netmask          Gateway
-----------      -------          -------
0.0.0.0          0.0.0.0          192.168.122.1
127.0.0.0        255.0.0.0        0.0.0.0
127.0.0.1        255.255.255.255  0.0.0.0
127.255.255.255  255.255.255.255  0.0.0.0
192.168.122.0    255.255.255.0    0.0.0.0
192.168.122.168  255.255.255.255  0.0.0.0
192.168.122.255  255.255.255.255  0.0.0.0
224.0.0.0        240.0.0.0        0.0.0.0
224.0.0.0        240.0.0.0        0.0.0.0
255.255.255.255  255.255.255.255  0.0.0.0
255.255.255.255  255.255.255.255  0.0.0.0

209654 - OS Fingerprints Detected
-
Synopsis
Multiple OS fingerprints were detected.
Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it was possible to gather one or more fingerprints from the remote system. While the highest-confidence result was reported in plugin 11936, “OS Identification”, the complete set of detected fingerprints is reported here.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/02/26, Modified: 2025/03/03
Plugin Output

tcp/0


Following OS Fingerprints were found

Remote operating system : Microsoft Windows 8.1
Confidence level : 56
Method : MLSinFP
Type : unknown
Fingerprint : unknown

Remote operating system : Microsoft Windows 7
Microsoft Windows Server 2008 R2
Confidence level : 70
Method : Misc
Type : general-purpose
Fingerprint : unknown

Remote operating system : Microsoft Windows Server 2008 R2 Standard Service Pack 1
Confidence level : 100
Method : SMB_OS
Type : general-purpose
Fingerprint : unknown

Remote operating system : Microsoft Windows Server 2008 R2 Standard Service Pack 1
Confidence level : 66
Method : RDP
Type : general-purpose
Fingerprint : RDP:000000000f00000010000100080001000900000001001000100010

Remote operating system : Microsoft Windows Server 2008 R2 Standard Service Pack 1
Confidence level : 70
Method : HTTP
Type : general-purpose
Fingerprint : HTTP:Server: Microsoft-HTTPAPI/2.0


Remote operating system : Microsoft Windows Server 2008 R2 Standard Service Pack 1
Confidence level : 70
Method : SinFP
Type : general-purpose
Fingerprint : SinFP:
P1:B11113:F0x12:W8192:O0204ffff:M1460:
P2:B11113:F0x12:W8192:O0204ffff010303080402080affffffff44454144:M1460:
P3:B00000:F0x00:W0:O0:M0
P4:191602_7_p=8031

Remote operating system : Microsoft Windows Server 2008 R2 Standard Service Pack 1
Confidence level : 70
Method : smb
Type : general-purpose
Fingerprint : unknown

Remote operating system : Microsoft Windows Server 2008 R2 Standard Service Pack 1
Confidence level : 99
Method : MSRPC
Type : general-purpose
Fingerprint : unknown

Following fingerprints could not be used to determine OS :
SSH:!:SSH-2.0-SSHD-CORE-0.8.0
SSLcert:!:i/CN:localhosti/O:Oracle Corporationi/OU:GlassFishs/CN:localhosts/O:Oracle Corporations/OU:GlassFish
4a5758f59279e82f2a913c83ca658d6964575a72
i/CN:localhosti/O:Oracle Corporationi/OU:GlassFishs/CN:localhosts/O:Oracle Corporations/OU:GlassFish
4a5758f59279e82f2a913c83ca658d6964575a72

11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2025/06/03
Plugin Output

tcp/0


Remote operating system : Microsoft Windows Server 2008 R2 Standard Service Pack 1
Confidence level : 100
Method : SMB_OS


The remote host is running Microsoft Windows Server 2008 R2 Standard Service Pack 1

117887 - OS Security Patch Assessment Available
-
Synopsis
Nessus was able to log in to the remote host using the provided credentials and enumerate OS security patch levels.
Description
Nessus was able to determine OS security patch levels by logging into the remote host and running commands to determine the version of the operating system and its components. The remote host was identified as an operating system or device that Nessus supports for patch and update assessment. The necessary information was obtained to perform these checks.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0516
Plugin Information
Published: 2018/10/02, Modified: 2021/07/12
Plugin Output

tcp/445/cifs

OS Security Patch Assessment is available.

Account : 192.168.122.168\vagrant
Protocol : SMB

50845 - OpenSSL Detection
-
Synopsis
The remote service appears to use OpenSSL to encrypt traffic.
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.

Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/11/30, Modified: 2020/06/12
Plugin Output

tcp/8383/www

55930 - Oracle GlassFish HTTP Server Version
-
Synopsis
It was possible to obtain the version number of the remote Oracle GlassFish HTTP server.
Description
The remote host is running an Oracle GlassFish HTTP Server, a Java EE application server. It was possible to read the version number from the HTTP response headers.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/08/16, Modified: 2022/10/12
Plugin Output

tcp/4848


URL : http://192.168.122.168:4848/
Version : 4.0

55930 - Oracle GlassFish HTTP Server Version
-
Synopsis
It was possible to obtain the version number of the remote Oracle GlassFish HTTP server.
Description
The remote host is running an Oracle GlassFish HTTP Server, a Java EE application server. It was possible to read the version number from the HTTP response headers.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/08/16, Modified: 2022/10/12
Plugin Output

tcp/8080/www


URL : http://192.168.122.168:8080/
Version : 4.0

55930 - Oracle GlassFish HTTP Server Version
-
Synopsis
It was possible to obtain the version number of the remote Oracle GlassFish HTTP server.
Description
The remote host is running an Oracle GlassFish HTTP Server, a Java EE application server. It was possible to read the version number from the HTTP response headers.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/08/16, Modified: 2022/10/12
Plugin Output

tcp/8181


URL : http://192.168.122.168:8181/
Version : 4.0

71462 - Oracle Java JRE Premier Support and Extended Support Version Detection
-
Synopsis
The remote host contains one or more versions of the Oracle Java JRE that require long-term support.
Description
According to its version, there is at least one install of Oracle (formerly Sun) Java JRE that is potentially under either Premier Support or Extended Support.

Note that both support programs require vendor contracts. Premier Support provides upgrades and security fixes for five years after the general availability (GA) date. Extended Support provides upgrades and security fixes for three years after Premier Support ends.
See Also
Solution
To continue receiving updates and security fixes, contact the vendor regarding Premier Support or Extended Support contracts.
Risk Factor
None
Plugin Information
Published: 2013/12/16, Modified: 2022/04/11
Plugin Output

tcp/445/cifs



The following Java JRE installs are in Extended Support status :

Path : C:\Program Files\Java\jre1.8.0_141
Version : 8.0.141.15
Support dates : 2022-03-01 (end of Premier Support) / 2030-12-01 (end of Extended Support)

Path : C:\Program Files (x86)\Java\jre1.8.0_141
Version : 8.0.141.15
Support dates : 2022-03-01 (end of Premier Support) / 2030-12-01 (end of Extended Support)

33545 - Oracle Java Runtime Environment (JRE) Detection
-
Synopsis
There is a Java runtime environment installed on the remote Windows host.
Description
One or more instances of Oracle's (formerly Sun's) Java Runtime Environment (JRE) is installed on the remote host. This may include private JREs bundled with the Java Development Kit (JDK).

- Additional instances of Java may be discovered if thorough tests are enabled.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0690
Plugin Information
Published: 2008/07/18, Modified: 2022/10/10
Plugin Output

tcp/0


Path : C:\Program Files (x86)\Java\jre1.8.0_141\
Version : 8.0.141.15
Binary Location : C:\Program Files (x86)\Java\jre1.8.0_141\bin\java.exe

tcp/0


Path : C:\Program Files\Java\jre1.8.0_141\
Version : 8.0.141.15
Binary Location : C:\Program Files\Java\jre1.8.0_141\bin\java.exe

48243 - PHP Version Detection
-
Synopsis
It was possible to obtain the version number of the remote PHP installation.
Description
Nessus was able to determine the version of PHP available on the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0936
Plugin Information
Published: 2010/08/04, Modified: 2026/01/22
Plugin Output

tcp/8585/www


Nessus was able to identify the following PHP version information :

Version : 5.3.10
Source : Server: Apache/2.2.21 (Win64) PHP/5.3.10 DAV/2
Source : X-Powered-By: PHP/5.3.10
Backported : 0

66334 - Patch Report
-
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.

Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information
Published: 2013/07/08, Modified: 2026/02/10
Plugin Output

tcp/0



. You need to take the following 138 actions :

+ Install the following Microsoft patches :
- KB5073699
- KB5073695 (9 vulnerabilities)
- KB5071506
- KB5068908
- KB5066876
- KB5065510
- KB5063927
- KB5062619
- KB5061036
- KB5058454
- KB5058430 (131 vulnerabilities)
- KB5055570
- KB5053627
- KB5052032
- KB5050006
- KB5048676
- KB5046705
- KB5044321
- KB3185911 (8 vulnerabilities)
- KB3161958
- KB3161949
- KB3161561
- KB3159398
- KB3156019 (3 vulnerabilities)
- KB3149090 (2 vulnerabilities)
- KB3139940 (3 vulnerabilities)
- KB3139914
- KB3139398
- KB3135983 (1 vulnerabilities)
- KB3133043 (1 vulnerabilities)
- KB3127220
- KB3126593 (1 vulnerabilities)
- KB3126587 (1 vulnerabilities)
- KB3109103
- KB3109094 (8 vulnerabilities)
- KB3108670 (3 vulnerabilities)
- KB3108664
- KB3101722
- KB3098781
- KB3098778
- KB3097996 (1 vulnerabilities)
- KB3097989 (1 vulnerabilities)
- KB3087039
- KB3084135 (1 vulnerabilities)
- KB3078601 (8 vulnerabilities)
- KB3076895 (7 vulnerabilities)
- KB3075220 (1 vulnerabilities)
- KB3074550
- KB3074543
- KB3074230
- KB3071756 (13 vulnerabilities)
- KB3063858 (4 vulnerabilities)
- KB3060716
- KB3059317 (1 vulnerabilities)
- KB3055642
- KB3045171 (4 vulnerabilities)
- KB3042553
- KB3037574
- KB3035126
- KB3030377
- KB3023224 (1 vulnerabilities)
- KB3023215
- KB3022777
- KB3021674
- KB3019978
- KB3004361
- KB2991963
- KB2972216
- KB2972211
- KB2972100
- KB2957689 (22 vulnerabilities)
- KB2957189 (7 vulnerabilities)
- KB2937610 (5 vulnerabilities)
- KB2931356 (1 vulnerabilities)
- KB2900986 (3 vulnerabilities)
- KB2898869
- KB2898851
- KB2893294
- KB2892074
- KB2868626
- KB2864058 (1 vulnerabilities)
- KB2855844 (3 vulnerabilities)
- KB2847204
- KB2807986
- KB2789645
- KB2770660
- KB2765809
- KB2743555 (1 vulnerabilities)
- KB2742599 (2 vulnerabilities)
- KB2729452
- KB2709715 (1 vulnerabilities)
- KB2705219 (1 vulnerabilities)
- KB2698365
- KB2690533
- KB2676562 (10 vulnerabilities)
- KB2656356
- KB2654428
- KB2653956 (1 vulnerabilities)
- KB2643719
- KB2620712
- KB2604115 (6 vulnerabilities)
- KB2570947
- KB2564958 (2 vulnerabilities)
- KB2544893 (1 vulnerabilities)
- KB2536276 (2 vulnerabilities)
- KB2536275 (3 vulnerabilities)
- KB2509553 (2 vulnerabilities)
- KB2506212
- KB2475792 (1 vulnerabilities)
- KB2425227

[ 7-Zip < 25.01 (249179) ]

+ Action to take : Upgrade to 7-Zip version 25.01 or later.

+Impact : Taking this action will resolve 14 different vulnerabilities (CVEs).



[ Apache 2.4.x < 2.4.59 Multiple Vulnerabilities (192923) ]

+ Action to take : Upgrade to Apache version 2.4.59 or later.

+Impact : Taking this action will resolve 51 different vulnerabilities (CVEs).



[ Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104) (156103) ]

+ Action to take : Upgrade to Apache Log4j version 2.16.0 or later since 1.x is end of life.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.


[ Apache Struts 2.x <= 2.3.37 / 2.5.x <= 2.5.33 / 6.x < 6.1.1 XML External Entity Injection in XWork (S2-069) (290256) ]

+ Action to take : Upgrade to Apache Struts version 6.1.1 or later.

+Impact : Taking this action will resolve 37 different vulnerabilities (CVEs).



[ Elasticsearch ESA-2015-06 (119499) ]

+ Action to take : Users should upgrade to 1.6.1 or 1.7.0. Alternately, ensure that only trusted applications have access to the transport protocol port.

+Impact : Taking this action will resolve 2 different vulnerabilities (CVEs).



[ Elasticsearch Transport Protocol Unspecified Remote Code Execution (105752) ]

+ Action to take : Users should upgrade to 1.6.1 or 1.7.0. Alternately, ensure that only trusted applications have access to the transport protocol port

+Impact : Taking this action will resolve 2 different vulnerabilities (CVEs).



[ KB4561669: Windows 7 and Windows Server 2008 R2 June 2020 Security Update (137260) ]

+ Action to take : Apply Security Only update KB4561669 or Cumulative Update KB4561643.

+Impact : Taking this action will resolve 71 different vulnerabilities (CVEs).



[ MS11-085: Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704) (56738) ]

+ Action to take : Microsoft has released a set of patches for Windows Vista, 2008, 7, and 2008 R2.


[ MS12-016: Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026) (57950) ]

+ Action to take : Microsoft has released a set of patches for .NET Framework 2.0, 3.5.1, and 4 as well as Silverlight 4.

+Impact : Taking this action will resolve 3 different vulnerabilities (CVEs).



[ MS12-045: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365) (59908) ]

+ Action to take : Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.


[ MS13-029: Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223) (65876) ]

+ Action to take : Microsoft has released a set of patches for Windows XP, 2003, Vista, 7, 2008, and 2008 R2.


[ MS13-052: Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561) (67209) ]

+ Action to take : Microsoft has released a set of patches for .NET Framework 1.0, 1.1, 2.0, 3.0, 3.5, 3.5.1, 4.0, and 4.5 as well as Silverlight 5.

+Impact : Taking this action will resolve 7 different vulnerabilities (CVEs).



[ MS13-069: Cumulative Security Update for Internet Explorer (2870699) (69829) ]

+ Action to take : Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.

+Impact : Taking this action will resolve 151 different vulnerabilities (CVEs).



[ MS15-039: Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482) (82775) ]

+ Action to take : Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, and 2008 R2.

+Impact : Taking this action will resolve 4 different vulnerabilities (CVEs).



[ MS15-097: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656) (85877) ]

+ Action to take : Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Lync 2010, Lync 2010 Attendee, Lync 2013 (Skype for Business), Lync Basic 2013, and Live Meeting 2007.

+Impact : Taking this action will resolve 11 different vulnerabilities (CVEs).



[ MS15-118: Security Update for .NET Framework to Address Elevation of Privilege (3104507) (86825) ]

+ Action to take : Microsoft has released a set of patches for .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, 4.5.2, and 4.6.

+Impact : Taking this action will resolve 24 different vulnerabilities (CVEs).



[ MS16-035: Security Update for .NET Framework to Address Security Feature Bypass (3141780) (89757) ]

+ Action to take : Microsoft has released a set of patches for .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5.1, 4.5.2, 4.6, and 4.6.1.

+Impact : Taking this action will resolve 43 different vulnerabilities (CVEs).



[ MS17-013: Security Update for Microsoft Graphics Component (4013075) (97794) ]

+ Action to take : Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.
Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013, Live Meeting 2007 Console, and Silverlight 5.

+Impact : Taking this action will resolve 39 different vulnerabilities (CVEs).



[ MS17-016: Security Update for Windows IIS (4013074) (97741) ]

+ Action to take : Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.


[ MS17-021: Security Update for Windows DirectShow (4010318) (97736) ]

+ Action to take : Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.

Note that the Microsoft Bulletin contains contradictory information regarding the Windows 2012 Security Only Update and the Windows 2012 Monthly Rollup Update. These updates may not resolve the vulnerability. Please contact Microsoft for clarification if you are running Windows 2012.


[ MS17-022: Security Update for Microsoft XML Core Services (4010321) (97742) ]

+ Action to take : Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.

+Impact : Taking this action will resolve 7 different vulnerabilities (CVEs).



[ ManageEngine Desktop Central < 10.1.2137.9 Authentication Bypass (CVE-2021-44757) (156790) ]

+ Action to take : See vendor advisory.

+Impact : Taking this action will resolve 8 different vulnerabilities (CVEs).



[ ManageEngine Endpoint Central 11.3.2428.x <= 11.3.2428.01, 11.3.2440.x <= 11.3.2440.0 Insecure Direct Object References (216265) ]

+ Action to take : Upgrade to ManageEngine Endpoint Central versions 11.3.2428.26, 11.3.2440.09 or later.

+Impact : Taking this action will resolve 3 different vulnerabilities (CVEs).



[ Microsoft RDP RCE (CVE-2019-0708) (BlueKeep) (uncredentialed check) (125313) ]

+ Action to take : Microsoft has released a set of patches for Windows XP, 2003, 2008, 7, and 2008 R2.

+Impact : Taking this action will resolve 3 different vulnerabilities (CVEs).



[ MySQL Denial of Service (Jul 2020 CPU) (138561) ]

+ Action to take : Refer to the vendor advisory.

+Impact : Taking this action will resolve 27 different vulnerabilities (CVEs).



[ Oracle Java SE Multiple Vulnerabilities (January 2026 CPU) (294870) ]

+ Action to take : Apply the appropriate patch according to the January 2026 Oracle Critical Patch Update advisory.

+Impact : Taking this action will resolve 360 different vulnerabilities (CVEs).



[ PHP 5.3.x < 5.3.29 Multiple Vulnerabilities (77285) ]

+ Action to take : Upgrade to PHP version 5.3.29 or later.

+Impact : Taking this action will resolve 35 different vulnerabilities (CVEs).



[ Security Updates for Internet Explorer (September 2017) (104896) ]

+ Action to take : Microsoft has released security updates for the affected versions of Internet Explorer.

+Impact : Taking this action will resolve 581 different vulnerabilities (CVEs).


66173 - RDP Screenshot
-
Synopsis
It is possible to take a screenshot of the remote login screen.
Description
This script attempts to connect to the remote host via RDP (Remote Desktop Protocol) and attempts to take a screenshot of the login screen.

While this is not a vulnerability by itself, some versions of Windows display the names of the users who can connect and which ones are connected already.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/04/22, Modified: 2025/09/29
Plugin Output

tcp/3389/msrdp

It was possible to gather the following screenshot of the remote login screen.

92429 - Recycle Bin Files
-
Synopsis
Nessus was able to enumerate files in the recycle bin on the remote host.
Description
Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

C:\\$Recycle.Bin\\.
C:\\$Recycle.Bin\\..
C:\\$Recycle.Bin\\S-1-5-21-3331990163-568474530-1720004626-1000
C:\\$Recycle.Bin\\S-1-5-21-3331990163-568474530-1720004626-1000\.
C:\\$Recycle.Bin\\S-1-5-21-3331990163-568474530-1720004626-1000\..
C:\\$Recycle.Bin\\S-1-5-21-3331990163-568474530-1720004626-1000\desktop.ini

10940 - Remote Desktop Protocol Service Detection
-
Synopsis
The remote host has a Remote Desktop Protocol service enabled.
Description
The Remote Desktop Protocol allows a user to remotely obtain a graphical login (and therefore act as a local user on the remote host).

If an attacker gains a valid login and password, this service could be used to gain further access on the remote host. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in remotely.

Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable the service if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Plugin Information
Published: 2002/04/20, Modified: 2023/08/21
Plugin Output

tcp/3389/msrdp

277650 - Remote Services Not Using Post-Quantum Ciphers
-
Synopsis
Reports remote services that do not offer post-quantum ciphers.
Description
This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2025/12/08
Plugin Output

tcp/22

The target SSH server offers no post-quantum ciphers.

277650 - Remote Services Not Using Post-Quantum Ciphers
-
Synopsis
Reports remote services that do not offer post-quantum ciphers.
Description
This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2025/12/08
Plugin Output

tcp/3389/msrdp

The target TLS server offers no post-quantum ciphers.

277650 - Remote Services Not Using Post-Quantum Ciphers
-
Synopsis
Reports remote services that do not offer post-quantum ciphers.
Description
This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2025/12/08
Plugin Output

tcp/4848

The target TLS server offers no post-quantum ciphers.

277650 - Remote Services Not Using Post-Quantum Ciphers
-
Synopsis
Reports remote services that do not offer post-quantum ciphers.
Description
This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2025/12/08
Plugin Output

tcp/8031

The target TLS server offers no post-quantum ciphers.

277650 - Remote Services Not Using Post-Quantum Ciphers
-
Synopsis
Reports remote services that do not offer post-quantum ciphers.
Description
This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2025/12/08
Plugin Output

tcp/8181

The target TLS server offers no post-quantum ciphers.

277650 - Remote Services Not Using Post-Quantum Ciphers
-
Synopsis
Reports remote services that do not offer post-quantum ciphers.
Description
This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2025/12/08
Plugin Output

tcp/8383/www

The target TLS server offers no post-quantum ciphers.

277650 - Remote Services Not Using Post-Quantum Ciphers
-
Synopsis
Reports remote services that do not offer post-quantum ciphers.
Description
This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2025/12/08
Plugin Output

tcp/8443

The target TLS server offers no post-quantum ciphers.

277650 - Remote Services Not Using Post-Quantum Ciphers
-
Synopsis
Reports remote services that do not offer post-quantum ciphers.
Description
This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2025/12/08
Plugin Output

tcp/49236/ssh

The target SSH server offers no post-quantum ciphers.

62042 - SMB QuickFixEngineering (QFE) Enumeration
-
Synopsis
The remote host has quick-fix engineering updates installed.
Description
By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/09/11, Modified: 2022/02/01
Plugin Output

tcp/0


Here is a list of quick-fix engineering updates installed on the
remote system :

KB123456, Installed on: 2017/08/07
KB976902, Installed on: 2010/11/21
KB976932, Installed on: 2010/11/21
KB976933, Installed on: 2010/11/21

10860 - SMB Use Host SID to Enumerate Local Users
-
Synopsis
Nessus was able to enumerate local users.
Description
Using the host security identifier (SID), Nessus was able to enumerate local users on the remote Windows system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2002/02/13, Modified: 2023/02/28
Plugin Output

tcp/445/cifs


- Administrator (id 500, Administrator account)
- Guest (id 501, Guest account)
- vagrant (id 1000)
- sshd (id 1001)
- sshd_server (id 1002)
- leia_organa (id 1004)
- luke_skywalker (id 1005)
- han_solo (id 1006)
- artoo_detoo (id 1007)
- c_three_pio (id 1008)
- ben_kenobi (id 1009)
- darth_vader (id 1010)
- anakin_skywalker (id 1011)
- jarjar_binks (id 1012)
- lando_calrissian (id 1013)
- boba_fett (id 1014)
- jabba_hutt (id 1015)
- greedo (id 1016)
- chewbacca (id 1017)
- kylo_ren (id 1018)

Note that, in addition to the Administrator, Guest, and Kerberos
accounts, Nessus has enumerated local users with IDs between
1000 and 1200. To use a different range, edit the scan policy
and change the 'Enumerate Local Users: Start UID' and/or 'End UID'
preferences under 'Assessment->Windows' and re-run the scan. Only
UIDs between 1 and 2147483647 are allowed for this range.

70657 - SSH Algorithms and Languages Supported
-
Synopsis
An SSH server is listening on this port.
Description
This script detects which algorithms and languages are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/28, Modified: 2026/01/12
Plugin Output

tcp/49236/ssh


Nessus negotiated the following encryption algorithm(s) with the server :

Client to Server: aes128-ctr
Server to Client: aes128-ctr

The server supports the following options for compression_algorithms_server_to_client :

none

The server supports the following options for mac_algorithms_client_to_server :

hmac-md5
hmac-md5-96
hmac-sha1
hmac-sha1-96

The server supports the following options for server_host_key_algorithms :

ssh-rsa

The server supports the following options for encryption_algorithms_client_to_server :

3des-cbc
aes128-cbc
aes128-ctr
blowfish-cbc

The server supports the following options for mac_algorithms_server_to_client :

hmac-md5
hmac-md5-96
hmac-sha1
hmac-sha1-96

The server supports the following options for kex_algorithms :

diffie-hellman-group1-sha1
diffie-hellman-group14-sha1

The server supports the following options for compression_algorithms_client_to_server :

none

The server supports the following options for encryption_algorithms_server_to_client :

3des-cbc
aes128-cbc
aes128-ctr
blowfish-cbc

153588 - SSH SHA-1 HMAC Algorithms Enabled
-
Synopsis
The remote SSH server is configured to enable SHA-1 HMAC algorithms.
Description
The remote SSH server is configured to enable SHA-1 HMAC algorithms.

Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to collisions.

Note that this plugin only checks for the options of the remote SSH server.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/09/23, Modified: 2022/04/05
Plugin Output

tcp/49236/ssh


The following client-to-server SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are supported :

hmac-md5,hmac-sha1,hmac-md5-96,hmac-sha1-96

The following server-to-client SHA-1 Hash-based Message Authentication Code (HMAC) algorithms are supported :

hmac-md5,hmac-sha1,hmac-md5-96,hmac-sha1-96

10267 - SSH Server Type and Version Information
-
Synopsis
An SSH server is listening on this port.
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0933
Plugin Information
Published: 1999/10/12, Modified: 2024/07/24
Plugin Output

tcp/49236/ssh


SSH version : SSH-2.0-SSHD-CORE-0.8.0
SSH supported authentication : none

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2025/06/16
Plugin Output

tcp/3389/msrdp


This port supports TLSv1.0.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2025/06/16
Plugin Output

tcp/4848


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2025/06/16
Plugin Output

tcp/8031


This port supports TLSv1.0.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2025/06/16
Plugin Output

tcp/8181


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2025/06/16
Plugin Output

tcp/8383/www


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2025/06/16
Plugin Output

tcp/8443


This port supports TLSv1.0.

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/4848


The host name known by Nessus is :

vagrant-2008r2

The Common Name in the certificate is :

localhost

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/8181


The host name known by Nessus is :

vagrant-2008r2

The Common Name in the certificate is :

localhost

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/8383/www


The host name known by Nessus is :

vagrant-2008r2

The Common Name in the certificate is :

desktop central

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/3389/msrdp

Subject Name:

Common Name: vagrant-2008R2

Issuer Name:

Common Name: vagrant-2008R2

Serial Number: 12 61 C3 4C 22 0B 4A B8 47 7F FE D6 5B 58 9F 30

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Feb 10 19:09:42 2026 GMT
Not Valid After: Aug 12 19:09:42 2026 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Extension: Extended Key Usage(2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage(2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: D0 BA 7A 7F 93 C7 BD 77 89 2F 59 39 B0 34 5B DA 96 9A 74 AD
29 2E 00 E8 47 07 99 40 22 D6 0F 6B
SHA-1 Fingerprint: 4E 66 0E 2F 9A C4 F5 20 12 B7 A8 F4 EA AF 6E D9 74 80 CB F6
MD5 Fingerprint: 5A 5C 86 BA 81 42 32 27 D3 BE 2F D3 F9 E6 4B 03



10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/4848

Subject Name:

Country: US
State/Province: California
Locality: Santa Clara
Organization: Oracle Corporation
Organization Unit: GlassFish
Common Name: localhost

Issuer Name:

Country: US
State/Province: California
Locality: Santa Clara
Organization: Oracle Corporation
Organization Unit: GlassFish
Common Name: localhost

Serial Number: 04 A9 97 2F

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: May 15 05:33:38 2013 GMT
Not Valid After: May 13 05:33:38 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Extension: Subject Key Identifier(2.5.29.14)
Critical: 0
Subject Key Identifier: 4C 05 82 BD 8C 02 B8 05 00 04 14 0A FB 29 AA F7 48 6C CB 86


Fingerprints :

SHA-256 Fingerprint: AB 48 B2 E6 C4 4C 50 86 7F B3 70 30 83 F1 CE E8 06 F4 B5 75
F0 E3 AD 5B 23 38 10 02 A8 85 F5 56
SHA-1 Fingerprint: 4A 57 58 F5 92 79 E8 2F 2A 91 3C 83 CA 65 8D 69 64 57 5A 72
MD5 Fingerprint: 79 0D FC CF 99 32 2B BE 77 36 40 4A 14 E1 2D 91



10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/8181

Subject Name:

Country: US
State/Province: California
Locality: Santa Clara
Organization: Oracle Corporation
Organization Unit: GlassFish
Common Name: localhost

Issuer Name:

Country: US
State/Province: California
Locality: Santa Clara
Organization: Oracle Corporation
Organization Unit: GlassFish
Common Name: localhost

Serial Number: 04 A9 97 2F

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: May 15 05:33:38 2013 GMT
Not Valid After: May 13 05:33:38 2023 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Extension: Subject Key Identifier(2.5.29.14)
Critical: 0
Subject Key Identifier: 4C 05 82 BD 8C 02 B8 05 00 04 14 0A FB 29 AA F7 48 6C CB 86


Fingerprints :

SHA-256 Fingerprint: AB 48 B2 E6 C4 4C 50 86 7F B3 70 30 83 F1 CE E8 06 F4 B5 75
F0 E3 AD 5B 23 38 10 02 A8 85 F5 56
SHA-1 Fingerprint: 4A 57 58 F5 92 79 E8 2F 2A 91 3C 83 CA 65 8D 69 64 57 5A 72
MD5 Fingerprint: 79 0D FC CF 99 32 2B BE 77 36 40 4A 14 E1 2D 91



10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/8383/www

Subject Name:

Country: US
State/Province: CA
Locality: Pleasanton
Organization: Zoho Corporation
Organization Unit: ManageEngine
Common Name: Desktop Central
Email Address: support@desktopcentral.com

Issuer Name:

Country: US
State/Province: CA
Locality: Pleasanton
Organization: Zoho Corporation
Organization Unit: ManageEngine
Common Name: Desktop Central
Email Address: support@desktopcentral.com

Serial Number: 00 F5 9C EF 71 E6 DB 72 A5

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Sep 08 12:24:44 2010 GMT
Not Valid After: Sep 05 12:24:44 2020 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 1024 bits
Exponent: 01 00 01

Signature Length: 128 bytes / 1024 bits

Extension: Subject Key Identifier(2.5.29.14)
Critical: 0
Subject Key Identifier: FE 7F CC F2 04 09 D8 AA 43 79 3A B2 17 5D 8E 52 E0 4B BF 1E


Extension: Authority Key Identifier(2.5.29.35)
Critical: 0
Key Identifier: FE 7F CC F2 04 09 D8 AA 43 79 3A B2 17 5D 8E 52 E0 4B BF 1E
Country: US
State/Province: CA
Locality: Pleasanton
Organization: Zoho Corporation
Organization Unit: ManageEngine
Common Name: Desktop Central
Email Address: support@desktopcentral.com
Serial Number: 00 F5 9C EF 71 E6 DB 72 A5


Extension: Basic Constraints(2.5.29.19)
Critical: 0
CA: TRUE


Fingerprints :

SHA-256 Fingerprint: C1 DF 75 68 62 FA 17 58 2C 31 E8 F8 EB DA 08 4D 1A 13 41 81
5B 71 6E B1 35 AD 83 CD 7B 01 A5 A5
SHA-1 Fingerprint: 70 1E 2E 6D F8 85 4C 4F 0B 29 8D FF 03 A2 C6 F0 BA C7 D3 15
MD5 Fingerprint: 3D 69 FF A2 B1 00 71 35 72 8E C7 04 30 75 DA 29



70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/3389/msrdp


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                     Code        KEX    Auth  Encryption             MAC
----------------------   ----------  ---    ----  ---------------------  ---
DES-CBC3-SHA             0x00, 0x0A  RSA    RSA   3DES-CBC(168)          SHA1

High Strength Ciphers (>= 112-bit key)

Name                     Code        KEX    Auth  Encryption             MAC
----------------------   ----------  ---    ----  ---------------------  ---
ECDHE-RSA-AES128-SHA     0xC0, 0x13  ECDHE  RSA   AES-CBC(128)           SHA1
ECDHE-RSA-AES256-SHA     0xC0, 0x14  ECDHE  RSA   AES-CBC(256)           SHA1
AES128-SHA               0x00, 0x2F  RSA    RSA   AES-CBC(128)           SHA1
AES256-SHA               0x00, 0x35  RSA    RSA   AES-CBC(256)           SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/4848


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                     Code        KEX    Auth  Encryption             MAC
----------------------   ----------  ---    ----  ---------------------  ---
EDH-RSA-DES-CBC3-SHA     0x00, 0x16  DHE    RSA   3DES-CBC(168)          SHA1
ECDHE-RSA-DES-CBC3-SHA   0xC0, 0x12  ECDHE  RSA   3DES-CBC(168)          SHA1
DES-CBC3-SHA             0x00, 0x0A  RSA    RSA   3DES-CBC(168)          SHA1

High Strength Ciphers (>= 112-bit key)

Name                     Code        KEX    Auth  Encryption             MAC
----------------------   ----------  ---    ----  ---------------------  ---
DHE-RSA-AES128-SHA       0x00, 0x33  DHE    RSA   AES-CBC(128)           SHA1
ECDHE-RSA-AES128-SHA     0xC0, 0x13  ECDHE  RSA   AES-CBC(128)           SHA1
AES128-SHA               0x00, 0x2F  RSA    RSA   AES-CBC(128)           SHA1
DHE-RSA-AES128-SHA256    0x00, 0x67  DHE    RSA   AES-CBC(128)           SHA256
ECDHE-RSA-AES128-SHA256  0xC0, 0x27  ECDHE  RSA   AES-CBC(128)           SHA256
RSA-AES128-SHA256        0x00, 0x3C  RSA    RSA   AES-CBC(128)           SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/8031


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name                     Code        KEX    Auth  Encryption             MAC
----------------------   ----------  ---    ----  ---------------------  ---
ADH-AES128-SHA           0x00, 0x34  DH     None  AES-CBC(128)           SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/8181


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                     Code        KEX    Auth  Encryption             MAC
----------------------   ----------  ---    ----  ---------------------  ---
EDH-RSA-DES-CBC3-SHA     0x00, 0x16  DHE    RSA   3DES-CBC(168)          SHA1
ECDHE-RSA-DES-CBC3-SHA   0xC0, 0x12  ECDHE  RSA   3DES-CBC(168)          SHA1
DES-CBC3-SHA             0x00, 0x0A  RSA    RSA   3DES-CBC(168)          SHA1

High Strength Ciphers (>= 112-bit key)

Name                     Code        KEX    Auth  Encryption             MAC
----------------------   ----------  ---    ----  ---------------------  ---
DHE-RSA-AES128-SHA       0x00, 0x33  DHE    RSA   AES-CBC(128)           SHA1
ECDHE-RSA-AES128-SHA     0xC0, 0x13  ECDHE  RSA   AES-CBC(128)           SHA1
AES128-SHA               0x00, 0x2F  RSA    RSA   AES-CBC(128)           SHA1
DHE-RSA-AES128-SHA256    0x00, 0x67  DHE    RSA   AES-CBC(128)           SHA256
ECDHE-RSA-AES128-SHA256  0xC0, 0x27  ECDHE  RSA   AES-CBC(128)           SHA256
RSA-AES128-SHA256        0x00, 0x3C  RSA    RSA   AES-CBC(128)           SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/8383/www


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                     Code        KEX    Auth  Encryption             MAC
----------------------   ----------  ---    ----  ---------------------  ---
EDH-RSA-DES-CBC3-SHA     0x00, 0x16  DHE    RSA   3DES-CBC(168)          SHA1
ECDHE-RSA-DES-CBC3-SHA   0xC0, 0x12  ECDHE  RSA   3DES-CBC(168)          SHA1
DES-CBC3-SHA             0x00, 0x0A  RSA    RSA   3DES-CBC(168)          SHA1

High Strength Ciphers (>= 112-bit key)

Name                     Code        KEX    Auth  Encryption             MAC
----------------------   ----------  ---    ----  ---------------------  ---
DHE-RSA-AES128-SHA       0x00, 0x33  DHE    RSA   AES-CBC(128)           SHA1
DHE-RSA-AES256-SHA       0x00, 0x39  DHE    RSA   AES-CBC(256)           SHA1
DHE-RSA-CAMELLIA128-SHA  0x00, 0x45  DHE    RSA   Camellia-CBC(128)      SHA1
DHE-RSA-CAMELLIA256-SHA  0x00, 0x88  DHE    RSA   Camellia-CBC(256)      SHA1
ECDHE-RSA-AES128-SHA     0xC0, 0x13  ECDHE  RSA   AES-CBC(128)           SHA1
ECDHE-RSA-AES256-SHA     0xC0, 0x14  ECDHE  RSA   AES-CBC(256)           SHA1
AES128-SHA               0x00, 0x2F  RSA    RSA   AES-CBC(128)           SHA1
AES256-SHA               0x00, 0x35  RSA    RSA   AES-CBC(256)           SHA1
CAMELLIA128-SHA          0x00, 0x41  RSA    RSA   Camellia-CBC(128)      SHA1
CAMELLIA256-SHA          0x00, 0x84  RSA    RSA   Camellia-CBC(256)      SHA1
DHE-RSA-AES128-SHA256    0x00, 0x67  DHE    RSA   AES-CBC(128)           SHA256
DHE-RSA-AES256-SHA256    0x00, 0x6B  DHE    RSA   AES-CBC(256)           SHA256
ECDHE-RSA-AES128-SHA256  0xC0, 0x27  ECDHE  RSA   AES-CBC(128)           SHA256
ECDHE-RSA-AES256-SHA384  0xC0, 0x28  ECDHE  RSA   AES-CBC(256)           SHA384
RSA-AES128-SHA256        0x00, 0x3C  RSA    RSA   AES-CBC(128)           SHA256
RSA-AES256-SHA256        0x00, 0x3D  RSA    RSA   AES-CBC(256)           SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/8443


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ADH-AES128-SHA 0x00, 0x34 DH None AES-CBC(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2024/09/11
Plugin Output

tcp/3389/msrdp


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1

Unrecognized Ciphers

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS1_CK_RSA_WITH_RC4_128_MD5
TLS1_CK_RSA_WITH_RC4_128_SHA

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2024/09/11
Plugin Output

tcp/4848


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DHE RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDHE RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DHE RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDHE RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DHE RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDHE RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2024/09/11
Plugin Output

tcp/8031


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv1
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ADH-AES128-SHA 0x00, 0x34 DH None AES-CBC(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2024/09/11
Plugin Output

tcp/8181


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DHE RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDHE RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DHE RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDHE RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DHE RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDHE RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2024/09/11
Plugin Output

tcp/8383/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DHE RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDHE RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DHE RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DHE RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DHE RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DHE RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DHE RSA Camellia-CBC(256) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DHE RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DHE RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DHE RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDHE RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DHE RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DHE RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DHE RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DHE RSA Camellia-CBC(256) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DHE RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDHE RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA 0x00, 0x33 DHE RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DHE RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DHE RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DHE RSA Camellia-CBC(256) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2024/09/11
Plugin Output

tcp/8443


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv1
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ADH-AES128-SHA 0x00, 0x34 DH None AES-CBC(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/3389/msrdp


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/4848


Here is the list of SSL PFS ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DHE RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDHE RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/8181


Here is the list of SSL PFS ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DHE RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDHE RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/8383/www


Here is the list of SSL PFS ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DHE RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDHE RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DHE RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DHE RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DHE RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DHE RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DHE RSA Camellia-CBC(256) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DHE RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DHE RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/8383/www


The following root Certification Authority certificate was found :

|-Subject : C=US/ST=CA/L=Pleasanton/O=Zoho Corporation/OU=ManageEngine/CN=Desktop Central/E=support@desktopcentral.com
|-Issuer : C=US/ST=CA/L=Pleasanton/O=Zoho Corporation/OU=ManageEngine/CN=Desktop Central/E=support@desktopcentral.com
|-Valid From : Sep 08 12:24:44 2010 GMT
|-Valid To : Sep 05 12:24:44 2020 GMT
|-Signature Algorithm : SHA-1 With RSA Encryption

35297 - SSL Service Requests Client Certificate
-
Synopsis
The remote service requests an SSL client certificate.
Description
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a valid certificate in order to establish a connection to the underlying service.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/01/06, Modified: 2022/04/11
Plugin Output

tcp/4848


A TLSv1/TLSv11/TLSv12 server is listening on this port that requests a client certificate.

51891 - SSL Session Resume Supported
-
Synopsis
The remote host allows resuming SSL sessions.
Description
This script detects whether a host allows resuming SSL sessions by performing a full SSL handshake to receive a session ID, and then reconnecting with the previously used session ID. If the server accepts the session ID in the second connection, the server maintains a cache of sessions that can be resumed.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/02/07, Modified: 2021/09/13
Plugin Output

tcp/3389/msrdp


This port supports resuming TLSv1 sessions.

51891 - SSL Session Resume Supported
-
Synopsis
The remote host allows resuming SSL sessions.
Description
This script detects whether a host allows resuming SSL sessions by performing a full SSL handshake to receive a session ID, and then reconnecting with the previously used session ID. If the server accepts the session ID in the second connection, the server maintains a cache of sessions that can be resumed.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/02/07, Modified: 2021/09/13
Plugin Output

tcp/4848


This port supports resuming TLSv1 / TLSv1 / TLSv1 sessions.

51891 - SSL Session Resume Supported
-
Synopsis
The remote host allows resuming SSL sessions.
Description
This script detects whether a host allows resuming SSL sessions by performing a full SSL handshake to receive a session ID, and then reconnecting with the previously used session ID. If the server accepts the session ID in the second connection, the server maintains a cache of sessions that can be resumed.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/02/07, Modified: 2021/09/13
Plugin Output

tcp/8181


This port supports resuming TLSv1 / TLSv1 / TLSv1 sessions.

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/3389/msrdp

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1

Unrecognized Ciphers

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
TLS1_CK_RSA_WITH_RC4_128_MD5
TLS1_CK_RSA_WITH_RC4_128_SHA

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/4848

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DHE RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDHE RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DHE RSA AES-GCM(128) SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/8031

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ADH-AES128-SHA 0x00, 0x34 DH None AES-CBC(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/8181

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DHE RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDHE RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DHE RSA AES-GCM(128) SHA256
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
DHE-RSA-AES128-SHA 0x00, 0x33 DHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/8383/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
EDH-RSA-DES-CBC3-SHA 0x00, 0x16 DHE RSA 3DES-CBC(168) SHA1
ECDHE-RSA-DES-CBC3-SHA 0xC0, 0x12 ECDHE RSA 3DES-CBC(168) SHA1
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DHE RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DHE RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA 0x00, 0x33 DHE RSA AES-CBC(128) SHA1
DHE-RSA-AES256-SHA 0x00, 0x39 DHE RSA AES-CBC(256) SHA1
DHE-RSA-CAMELLIA128-SHA 0x00, 0x45 DHE RSA Camellia-CBC(128) SHA1
DHE-RSA-CAMELLIA256-SHA 0x00, 0x88 DHE RSA Camellia-CBC(256) SHA1
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
DHE-RSA-AES128-SHA256 0x00, 0x67 DHE RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DHE RSA AES-CBC(256) SHA256
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/8443

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ADH-AES128-SHA 0x00, 0x34 DH None AES-CBC(128) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

97086 - Server Message Block (SMB) Protocol Version 1 Enabled
-
Synopsis
The remote Windows host supports the SMBv1 protocol.
Description
The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users disable SMBv1 per SMB best practices to mitigate these potential issues.
See Also
Solution
Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
None
Plugin Information
Published: 2017/02/09, Modified: 2020/06/12
Plugin Output

tcp/445/cifs


SMBv1 server is enabled :
- HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : NULL or missing
SMBv1 client is enabled :
- HKLM\SYSTEM\CurrentControlSet\Services\mrxsmb10\Start : 3

96982 - Server Message Block (SMB) Protocol Version 1 Enabled (uncredentialed check)
-
Synopsis
The remote host supports the SMBv1 protocol.
Description
The remote host (Windows and/or Samba server) supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, most security and compliance agencies recommend that users disable SMBv1 per SMB best practices.
See Also
Solution
Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
None
References
XREF IAVT:0001-T-0710
Plugin Information
Published: 2017/02/03, Modified: 2025/08/13
Plugin Output

tcp/445/cifs


The remote host supports SMBv1.

160486 - Server Message Block (SMB) Protocol Version Detection
-
Synopsis
Verify the version of SMB on the remote host.
Description
The Server Message Block (SMB) Protocol provides shared access to files and printers across nodes on a network.
See Also
Solution
Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.
Risk Factor
None
Plugin Information
Published: 2022/05/04, Modified: 2022/05/04
Plugin Output

tcp/445/cifs

- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : Key not found.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/3000/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/3700/giop

A GIOP-enabled service is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/4848

A TLSv1.2 server answered on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/5985/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/8020/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/8022/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/8031

A TLSv1 server answered on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/8080/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/8181

A TLSv1.2 server answered on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/8383/www

A TLSv1.2 server answered on this port.

tcp/8383/www

A web server is running on this port through TLSv1.2.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/8443

A TLSv1 server answered on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/8484/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/8585/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/9200/elasticsearch

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/47001/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/49179

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2026/02/02
Plugin Output

tcp/49236/ssh

An SSH server is running on this port.

17975 - Service Detection (GET request)
-
Synopsis
The remote service could be identified.
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0935
Plugin Information
Published: 2005/04/06, Modified: 2021/10/27
Plugin Output

tcp/3306/mysql

A MySQL server seems to be running on this port but the Nessus scanner
IP has been blacklisted. Run 'mysqladmin flush-hosts' if you want
complete tests.

14773 - Service Detection: 3 ASCII Digit Code Responses
-
Synopsis
This plugin performs service detection.
Description
This plugin is a complement of find_service1.nasl. It attempts to identify services that return three-digit ASCII codes (e.g. FTP, SMTP, NNTP, ...).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/09/17, Modified: 2025/12/16
Plugin Output

tcp/7676/imqbrokerd

A Message Queue broker is listening on this port.

298387 - Shor's Harvest Now Decrypt Later
-
Synopsis
Reports remote services potentially vulnerable to Shor's Algorithm.
Description
This plugin reports network services that may be vulnerable now to a future attack by adversaries using a cryptographically relevant quantum computer (CRQC). Shor's algorithm, developed by Peter Shor in 1994, is a theoretical algorithm that leverages the unique ability of quantum computation to do massively parallel calculations.

This algorithm easily solves two classically difficult mathematical problems used in modern cryptography: discrete logarithms, and factoring numbers formed by multiplying large primes. Shor's reduces both of these problems from taking exponential time in chosen cases to being solvable in polynomial time.

Asymmetric encryption algorithms such as RSA, Diffie-Hellman and Elliptic Curve Diffie-Hellman are impacted by Shor's Algorithm. The most common uses of these algorithms are in symmetric key establishment and authentication. These uses render Shor's Algorithm particularly dangerous because it may give an adversary the ability to harvest network communications now, and in the future, when a CRQC becomes available, extract the symmetric key and decrypt the communication.
See Also
Solution
Replace affected ciphers with algorithms chosen to resist CRQC attack.
Risk Factor
None
Plugin Information
Published: 2026/02/09, Modified: 2026/02/09
Plugin Output

tcp/0

The TLS service on port 8383 offers these ciphers vulnerable to Shor's:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 with curve:
ffdhe1024
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 with curve:
ffdhe1024
TLS_CK_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 with curve:
secp256r1
TLS_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA with curve:
ffdhe1024
TLS_CK_RSA_WITH_AES_128_CBC_SHA
TLS_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA with curve:
secp256r1
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 with curve:
ffdhe1024
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 with curve:
secp256r1
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 with curve:
secp256r1
TLS_CK_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_CK_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA with curve:
secp256r1
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 with curve:
ffdhe1024
TLS_CK_DHE_RSA_WITH_AES_128_CBC_SHA with curve:
ffdhe1024
TLS_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA with curve:
ffdhe1024
TLS_CK_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_CK_DHE_RSA_WITH_AES_256_CBC_SHA with curve:
ffdhe1024
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 with curve:
secp256r1
TLS_CK_RSA_WITH_3DES_EDE_CBC_SHA
TLS_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA with curve:
secp256r1
TLS_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA with curve:
ffdhe1024
TLS_RSA_WITH_AES_128_GCM_SHA256

The TLS service on port 8443 offers these ciphers vulnerable to Shor's:
TLS_CK_DH_anon_WITH_AES_128_CBC_SHA

The TLS service on port 8181 offers these ciphers vulnerable to Shor's:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 with curve:
ffdhe1024
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 with curve:
ffdhe1024
TLS_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA with curve:
ffdhe1024
TLS_CK_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 with curves:
secp521r1, secp384r1 or secp256r1
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_CK_DHE_RSA_WITH_AES_128_CBC_SHA with curve:
ffdhe1024
TLS_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA with curves:
secp521r1, secp384r1 or secp256r1
TLS_CK_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 with curves:
secp521r1, secp384r1 or secp256r1
TLS_CK_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA with curves:
secp521r1, secp384r1 or secp256r1
TLS_RSA_WITH_AES_128_GCM_SHA256

The TLS service on port 3389 offers these ciphers vulnerable to Shor's:
TLS_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_CK_RSA_WITH_AES_128_CBC_SHA
TLS_CK_RSA_WITH_3DES_EDE_CBC_SHA
TLS_CK_RSA_WITH_AES_256_CBC_SHA
TLS_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_CK_RSA_WITH_RC4_128_SHA
TLS_CK_RSA_WITH_RC4_128_MD5

The TLS service on port 8031 offers these ciphers vulnerable to Shor's:
TLS_CK_DH_anon_WITH_AES_128_CBC_SHA

The SSH service on port 22 offers these ciphers vulnerable to Shor's:
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1

The SSH service on port 49236 offers these ciphers vulnerable to Shor's:
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1

The TLS service on port 4848 offers these ciphers vulnerable to Shor's:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 with curve:
ffdhe1024
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 with curve:
ffdhe1024
TLS_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA with curve:
ffdhe1024
TLS_CK_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 with curves:
secp521r1, secp384r1 or secp256r1
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_CK_DHE_RSA_WITH_AES_128_CBC_SHA with curve:
ffdhe1024
TLS_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA with curves:
secp521r1, secp384r1 or secp256r1
TLS_CK_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 with curves:
secp521r1, secp384r1 or secp256r1
TLS_CK_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA with curves:
secp521r1, secp384r1 or secp256r1
TLS_RSA_WITH_AES_128_GCM_SHA256

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/05/16, Modified: 2023/10/17
Plugin Output

tcp/0

277654 - TLS Supported Groups
-
Synopsis
The remote service negotiates TLS supported curve groups.
Description
This plugin detects which TLS supported groups entries are supported by the remote service.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2026/01/20
Plugin Output

tcp/4848


These are the TLS supported groups offered by the remote server :


TLS supported groups :

Name Code
--------------------------
secp256r1 0x0017
secp521r1 0x0019
secp384r1 0x0018
ffdhe1024 N/A

277654 - TLS Supported Groups
-
Synopsis
The remote service negotiates TLS supported curve groups.
Description
This plugin detects which TLS supported groups entries are supported by the remote service.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2026/01/20
Plugin Output

tcp/8181


These are the TLS supported groups offered by the remote server :


TLS supported groups :

Name Code
--------------------------
secp256r1 0x0017
secp521r1 0x0019
secp384r1 0x0018
ffdhe1024 N/A

277654 - TLS Supported Groups
-
Synopsis
The remote service negotiates TLS supported curve groups.
Description
This plugin detects which TLS supported groups entries are supported by the remote service.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2026/01/20
Plugin Output

tcp/8383/www


These are the TLS supported groups offered by the remote server :


TLS supported groups :

Name Code
--------------------------
secp256r1 0x0017
ffdhe1024 N/A

121010 - TLS Version 1.1 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/4848

TLSv1.1 is enabled and the server supports at least one cipher.

121010 - TLS Version 1.1 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/8181

TLSv1.1 is enabled and the server supports at least one cipher.

121010 - TLS Version 1.1 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/8383/www

TLSv1.1 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/4848

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/8181

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/8383/www

TLSv1.2 is enabled and the server supports at least one cipher.

110095 - Target Credential Issues by Authentication Protocol - No Issues Found
-
Synopsis
Nessus was able to log in to the remote host using the provided credentials. No issues were reported with access, privilege, or intermittent failure.
Description
Valid credentials were provided for an authentication protocol on the remote target and Nessus did not log any subsequent errors or failures for the authentication protocol.

When possible, Nessus tracks errors or failures related to otherwise valid credentials in order to highlight issues that may result in incomplete scan results or limited scan coverage. The types of issues that are tracked include errors that indicate that the account used for scanning did not have sufficient permissions for a particular check, intermittent protocol failures which are unexpected after the protocol has been negotiated successfully earlier in the scan, and intermittent authentication failures which are unexpected after a credential set has been accepted as valid earlier in the scan. This plugin reports when none of the above issues have been logged during the course of the scan for at least one authenticated protocol. See plugin output for details, including protocol, port, and account.

Please note the following :

- This plugin reports per protocol, so it is possible for issues to be encountered for one protocol and not another.
For example, authentication to the SSH service on the remote target may have consistently succeeded with no privilege errors encountered, while connections to the SMB service on the remote target may have failed intermittently.

- Resolving logged issues for all available authentication protocols may improve scan coverage, but the value of resolving each issue for a particular protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol and what particular check failed. For example, consistently successful checks via SSH are more critical for Linux targets than for Windows targets, and likewise consistently successful checks via SMB are more critical for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0520
Plugin Information
Published: 2018/05/24, Modified: 2025/08/28
Plugin Output

tcp/445/cifs


Nessus was able to log into the remote host with no privilege or access
problems via the following :

User: '192.168.122.168\vagrant'
Port: 445
Proto: SMB
Method: password

141118 - Target Credential Status by Authentication Protocol - Valid Credentials Provided
-
Synopsis
Valid credentials were provided for an available authentication protocol.
Description
Nessus was able to determine that valid credentials were provided for an authentication protocol available on the remote target because it was able to successfully authenticate directly to the remote target using that authentication protocol at least once. Authentication was successful because the authentication protocol service was available remotely, the service was able to be identified, the authentication protocol was able to be negotiated successfully, and a set of credentials provided in the scan policy for that authentication protocol was accepted by the remote service. See plugin output for details, including protocol, port, and account.

Please note the following :

- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were provided for an available SNMP service.

- Providing valid credentials for all available authentication protocols may improve scan coverage, but the value of successful authentication for a given protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is more valuable for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2020/10/15, Modified: 2024/03/25
Plugin Output

tcp/445/cifs


Nessus was able to log in to the remote host via the following :

User: '192.168.122.168\vagrant'
Port: 445
Proto: SMB
Method: password

64814 - Terminal Services Use SSL/TLS
-
Synopsis
The remote Terminal Services use SSL/TLS.
Description
The remote Terminal Services is configured to use SSL/TLS.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/02/22, Modified: 2023/07/10
Plugin Output

tcp/3389/msrdp

Subject Name:

Common Name: vagrant-2008R2

Issuer Name:

Common Name: vagrant-2008R2

Serial Number: 12 61 C3 4C 22 0B 4A B8 47 7F FE D6 5B 58 9F 30

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Feb 10 19:09:42 2026 GMT
Not Valid After: Aug 12 19:09:42 2026 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Extension: Extended Key Usage(2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage(2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

56468 - Time of Last System Startup
-
Synopsis
The system has been started.
Description
Using the supplied credentials, Nessus was able to determine when the host was last started.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/10/12, Modified: 2018/06/19
Plugin Output

tcp/0


20260211202609.484375-480

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/12/04
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.122.1 to 192.168.122.168 :
192.168.122.1
192.168.122.168

Hop Count: 1

11154 - Unknown Service Detection: Banner Retrieval
-
Synopsis
There is an unknown service running on the remote host.
Description
Nessus was unable to identify a service on the remote host even though it returned a banner of some type.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2002/11/18, Modified: 2022/07/26
Plugin Output

tcp/8032


If you know what this service is and think the banner could be used to
identify it, please send a description of the service along with the
following output to svc-signatures@nessus.org :

Port : 8032
Type : get_http
Banner :
0x00: 49 6E 76 61 6C 69 64 20 46 54 20 47 57 41 44 44 Invalid FT GWADD
0x10: 52 20 2F 20 53 54 41 52 54 20 70 72 6F 74 6F 63 R / START protoc
0x20: 6F 6C 0A ol.


Nessus detected the following process listening on this port :

java.exe

11154 - Unknown Service Detection: Banner Retrieval
-
Synopsis
There is an unknown service running on the remote host.
Description
Nessus was unable to identify a service on the remote host even though it returned a banner of some type.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2002/11/18, Modified: 2022/07/26
Plugin Output

tcp/8444


If you know what this service is and think the banner could be used to
identify it, please send a description of the service along with the
following output to svc-signatures@nessus.org :

Port : 8444
Type : get_http
Banner :
0x00: 49 6E 76 61 6C 69 64 20 47 57 41 44 44 52 20 2F Invalid GWADDR /
0x10: 20 53 54 41 52 54 20 70 72 6F 74 6F 63 6F 6C 0A START protocol.
0x20:


Nessus detected the following process listening on this port :

java.exe

92434 - User Download Folder Files
-
Synopsis
Nessus was able to enumerate downloaded files on the remote host.
Description
Nessus was able to generate a report of all files listed in the default user download folder.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

C:\\Users\Public\Downloads\desktop.ini
C:\\Users\vagrant\Downloads\desktop.ini

Download folder content report attached.
92431 - User Shell Folders Settings
-
Synopsis
Nessus was able to find the folder paths for user folders on the remote host.
Description
Nessus was able to gather a list of settings from the target system that store common user folder locations. A few of the more common locations are listed below :

- Administrative Tools
- AppData
- Cache
- CD Burning
- Cookies
- Desktop
- Favorites
- Fonts
- History
- Local AppData
- My Music
- My Pictures
- My Video
- NetHood
- Personal
- PrintHood
- Programs
- Recent
- SendTo
- Start Menu
- Startup
- Templates
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

vagrant
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\vagrant\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\vagrant\AppData\Roaming\Microsoft\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\vagrant\Downloads
- recent : C:\Users\vagrant\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\vagrant\Videos
- my music : C:\Users\vagrant\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\vagrant\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\vagrant\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\vagrant\AppData\LocalLow
- sendto : C:\Users\vagrant\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\vagrant\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\vagrant\AppData\Roaming\Microsoft\Windows\Cookies
- personal : C:\Users\vagrant\Documents
- administrative tools : C:\Users\vagrant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\vagrant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- history : C:\Users\vagrant\AppData\Local\Microsoft\Windows\History
- nethood : C:\Users\vagrant\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\vagrant\Saved Games
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\vagrant\AppData\Local
- my pictures : C:\Users\vagrant\Pictures
- templates : C:\Users\vagrant\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\vagrant\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\vagrant\AppData\Local\Microsoft\Windows\Temporary Internet Files
- desktop : C:\Users\vagrant\Desktop
- programs : C:\Users\vagrant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : C:\Windows\Fonts
- cd burning : C:\Users\vagrant\AppData\Local\Microsoft\Windows\Burn\Burn
- favorites : C:\Users\vagrant\Favorites
- appdata : C:\Users\vagrant\AppData\Roaming
92435 - UserAssist Execution History
-
Synopsis
Nessus was able to enumerate program execution history on the remote host.
Description
Nessus was able to gather evidence from the UserAssist registry key that has a list of programs that have been executed.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2019/11/12
Plugin Output

tcp/0

microsoft.internetexplorer.default
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\services.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\services.msc
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\wampserver\start wampserver.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\windowspowershell\v1.0\powershell.exe
microsoft.autogenerated.{c1c6f8ac-40a3-0f5c-146f-65a9dc70bbb4}
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\task scheduler.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\internet explorer.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\command prompt.lnk
ueme_ctlcuacount:ctor
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\windows powershell.lnk
c:\wamp\wampmanager.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\notepad.lnk
ueme_ctlsession
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\task scheduler.lnk
{f38bf404-1d43-42f2-9305-67de0b28fc23}\explorer.exe

Extended userassist report attached.

24269 - WMI Available
-
Synopsis
WMI queries can be made against the remote host.
Description
The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM.

These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/03, Modified: 2026/01/20
Plugin Output

tcp/445/cifs

The remote host returned the following caption from Win32_OperatingSystem:

Microsoft Windows Server 2008 R2 Standard

52001 - WMI QuickFixEngineering (QFE) Enumeration
-
Synopsis
The remote Windows host has quick-fix engineering updates installed.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/02/16, Modified: 2026/01/20
Plugin Output

tcp/0


Here is a list of quick-fix engineering updates installed on the
remote system :

+ KB3134760
- Description : Update
- InstalledOn : 8/7/2017

+ KB976902
- Description : Update
- InstalledOn : 11/21/2010

Note that for detailed information on installed QFE's such as InstalledBy, Caption,
and so on, please run the scan with 'Report Verbosity' set to 'verbose'.
44871 - WMI Windows Feature Enumeration
-
Synopsis
It is possible to enumerate Windows features using WMI.
Description
Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions.

Note that Features can only be enumerated for Windows 7 and later for desktop versions.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0754
Plugin Information
Published: 2010/02/24, Modified: 2026/01/20
Plugin Output

tcp/0


Nessus enumerated the following Windows features :

- Windows PowerShell Integrated Scripting Environment (ISE)

33139 - WS-Management Server Detection
-
Synopsis
The remote web server is used for remote management.
Description
The remote web server supports the Web Services for Management (WS-Management) specification, a general web services protocol based on SOAP for managing systems, applications, and other such entities.
Solution
Limit incoming traffic to this port if desired.
Risk Factor
None
Plugin Information
Published: 2008/06/11, Modified: 2021/05/19
Plugin Output

tcp/5985/www


Here is some information about the WS-Management Server :

Product Vendor : Microsoft Corporation
Product Version : OS: 0.0.0 SP: 0.0 Stack: 3.0

10302 - Web Server robots.txt Information Disclosure
-
Synopsis
The remote web server contains a 'robots.txt' file.
Description
The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting certain directories in a website for maintenance or indexing purposes. A malicious user may also be able to use the contents of this file to learn of sensitive documents or directories on the affected site and either retrieve them directly or target them for other attacks.
Solution
Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt file, and/or adjust the web server's access controls to limit access to sensitive material.
Risk Factor
None
Plugin Information
Published: 1999/10/12, Modified: 2018/11/15
Plugin Output

tcp/8484/www

Contents of robots.txt :

# we don't want robots to click "build" links
User-agent: *
Disallow: /

11424 - WebDAV Detection
-
Synopsis
The remote server is running with WebDAV enabled.
Description
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage the content of a web server.

If you do not use this extension, you should disable it.
Solution
http://support.microsoft.com/default.aspx?kbid=241520
Risk Factor
None
Plugin Information
Published: 2003/03/20, Modified: 2011/03/14
Plugin Output

tcp/8585/www

162174 - Windows Always Installed Elevated Status
-
Synopsis
Windows AlwaysInstallElevated policy status was found on the remote Windows host
Description
Windows AlwaysInstallElevated policy status was found on the remote Windows host.
You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges. This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting.
Solution
If enabled, disable AlwaysInstallElevated policy per your corporate security guidelines.
Risk Factor
None
Plugin Information
Published: 2022/06/14, Modified: 2022/06/14
Plugin Output

tcp/445/cifs

AlwaysInstallElevated policy is not enabled under HKEY_LOCAL_MACHINE.
AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-3331990163-568474530-1720004626-1000

48337 - Windows ComputerSystemProduct Enumeration (WMI)
-
Synopsis
It is possible to obtain product information from the remote host using WMI.
Description
By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/16, Modified: 2026/01/20
Plugin Output

tcp/0


+ Computer System Product
- Description : Computer System Product
- Vendor : QEMU
- Name : Standard PC (i440FX + PIIX, 1996)
- UUID : 9CA33F65-3A4A-4D51-BB7C-B8B58B0F12AC
- Version : pc-i440fx-10.2

159817 - Windows Credential Guard Status
-
Synopsis
Retrieves the status of Windows Credential Guard.
Description
Retrieves the status of Windows Credential Guard.
Credential Guard prevents attacks such as Pass-the-Hash or Pass-The-Ticket by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/04/18, Modified: 2023/08/25
Plugin Output

tcp/445/cifs


Windows Credential Guard is not fully enabled.
The following registry keys have not been set :
- System\CurrentControlSet\Control\DeviceGuard\RequirePlatformSecurityFeatures : Key not found.
- System\CurrentControlSet\Control\LSA\LsaCfgFlags : Key not found.
- System\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity : Key not found.
58181 - Windows DNS Server Enumeration
-
Synopsis
Nessus enumerated the DNS servers being used by the remote Windows host.
Description
Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/03/01, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Nessus enumerated DNS servers for the following interfaces :

Interface: {2C92F077-000B-4CCF-870A-59A3817BEF87}
Network Connection : Local Area Connection 2
DhcpNameServer: 192.168.122.1

Interface: Default
DhcpNameServer: 192.168.122.1
164690 - Windows Disabled Command Prompt Enumeration
-
Synopsis
This plugin determines if the DisableCMD policy is enabled or disabled on the remote host for each local user.
Description
The remote host may employ the DisableCMD policy on a per user basis. Enumerated local users may have the following registry key:
'HKLM\Software\Policies\Microsoft\Windows\System\DisableCMD'

- Unset or 0: The command prompt is enabled normally.
- 1: The command prompt is disabled.
- 2: The command prompt is disabled; however, Windows batch processing is allowed.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/09/06, Modified: 2026/01/26
Plugin Output

tcp/445/cifs


Username: sshd_server
SID: S-1-5-21-3331990163-568474530-1720004626-1002
DisableCMD: Unset

Username: kylo_ren
SID: S-1-5-21-3331990163-568474530-1720004626-1018
DisableCMD: Unset

Username: ben_kenobi
SID: S-1-5-21-3331990163-568474530-1720004626-1009
DisableCMD: Unset

Username: sshd
SID: S-1-5-21-3331990163-568474530-1720004626-1001
DisableCMD: Unset

Username: Administrator
SID: S-1-5-21-3331990163-568474530-1720004626-500
DisableCMD: Unset

Username: Guest
SID: S-1-5-21-3331990163-568474530-1720004626-501
DisableCMD: Unset

Username: leia_organa
SID: S-1-5-21-3331990163-568474530-1720004626-1004
DisableCMD: Unset

Username: greedo
SID: S-1-5-21-3331990163-568474530-1720004626-1016
DisableCMD: Unset

Username: darth_vader
SID: S-1-5-21-3331990163-568474530-1720004626-1010
DisableCMD: Unset

Username: anakin_skywalker
SID: S-1-5-21-3331990163-568474530-1720004626-1011
DisableCMD: Unset

Username: jarjar_binks
SID: S-1-5-21-3331990163-568474530-1720004626-1012
DisableCMD: Unset

Username: c_three_pio
SID: S-1-5-21-3331990163-568474530-1720004626-1008
DisableCMD: Unset

Username: vagrant
SID: S-1-5-21-3331990163-568474530-1720004626-1000
DisableCMD: Unset

Username: jabba_hutt
SID: S-1-5-21-3331990163-568474530-1720004626-1015
DisableCMD: Unset

Username: han_solo
SID: S-1-5-21-3331990163-568474530-1720004626-1006
DisableCMD: Unset

Username: chewbacca
SID: S-1-5-21-3331990163-568474530-1720004626-1017
DisableCMD: Unset

Username: artoo_detoo
SID: S-1-5-21-3331990163-568474530-1720004626-1007
DisableCMD: Unset

Username: lando_calrissian
SID: S-1-5-21-3331990163-568474530-1720004626-1013
DisableCMD: Unset

Username: boba_fett
SID: S-1-5-21-3331990163-568474530-1720004626-1014
DisableCMD: Unset

Username: luke_skywalker
SID: S-1-5-21-3331990163-568474530-1720004626-1005
DisableCMD: Unset

72482 - Windows Display Driver Enumeration
-
Synopsis
Nessus was able to enumerate one or more of the display drivers on the remote host.
Description
Nessus was able to enumerate one or more of the display drivers on the remote host via WMI.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0756
Plugin Information
Published: 2014/02/06, Modified: 2026/01/20
Plugin Output

tcp/0


Device Name : Standard VGA Graphics Adapter
Driver File Version : 6.1.7600.16385
Driver Date : 06/21/2006
171956 - Windows Enumerate Accounts
-
Synopsis
Enumerate Windows accounts.
Description
Enumerate Windows accounts.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/02/28, Modified: 2026/01/26
Plugin Output

tcp/0

Windows accounts enumerated. Results output to DB.
User data gathered in scan starting at : 2026/2/11 20:27 CET

159929 - Windows LSA Protection Status
-
Synopsis
Windows LSA Protection is disabled on the remote Windows host.
Description
The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. This protects against Pass-the-Hash or Mimikatz-style attacks.
Solution
Enable LSA Protection per your corporate security guidelines.
Risk Factor
None
Plugin Information
Published: 2022/04/20, Modified: 2025/06/16
Plugin Output

tcp/445/cifs


LSA Protection Key \SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL not found.

148541 - Windows Language Settings Detection
-
Synopsis
This plugin enumerates language files on a Windows host.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates language IDs listed on the host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/04/14, Modified: 2022/02/01
Plugin Output

tcp/0

Default Install Language Code: 1033

Default Active Language Code: 1033

Other common microsoft Language packs may be scanned as well.

10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
-
Synopsis
It was possible to obtain the network name of the remote host.
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests.

Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/10/12, Modified: 2021/02/10
Plugin Output

udp/137/netbios-ns

The following 3 NetBIOS names have been gathered :

VAGRANT-2008R2 = Computer name
WORKGROUP = Workgroup / Domain name
VAGRANT-2008R2 = File Server Service

The remote host has the following MAC address on its adapter :

52:54:00:64:7e:b3

155963 - Windows Printer Driver Enumeration
-
Synopsis
Nessus was able to enumerate one or more of the printer drivers on the remote host.
Description
Nessus was able to enumerate one or more of the printer drivers on the remote host via WMI.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/12/09, Modified: 2026/01/20
Plugin Output

tcp/445/cifs


Path : C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
Version : 6.1.7601.17514
Supported Platform : Windows x64
63620 - Windows Product Key Retrieval
-
Synopsis
This plugin retrieves the Windows Product key of the remote Windows host.
Description
Using the supplied credentials, Nessus was able to retrieve the Windows host's partial product key.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/01/18, Modified: 2013/01/18
Plugin Output

tcp/445/cifs


Product key : XXXXX-XXXXX-XXXXX-XXXXX-J9HDR

Note that all but the final portion of the key has been obfuscated.
160576 - Windows Services Registry ACL
-
Synopsis
Checks Windows Registry for Service ACLs
Description
Checks Windows Registry for Service ACLs.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2022/05/05, Modified: 2024/01/15
Plugin Output

tcp/445/cifs

Verbosity must be set to 'Report as much information as possible' for this plugin to produce output.

204960 - Windows System Driver Enumeration (Windows)
-
Synopsis
One or more kernel or file system drivers were enumerated on the remote Windows host.
Description
One or more kernel or file system drivers were enumerated on the remote Windows host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2024/08/01, Modified: 2026/01/20
Plugin Output

tcp/0


Total : 228

Name : 1394ohci
Path : C:\Windows\system32\drivers\1394ohci.sys
Service Type : Kernel Driver
Description : 1394 OHCI Compliant Host Controller
State : Stopped

Name : ACPI
Path : C:\Windows\system32\drivers\ACPI.sys
Service Type : Kernel Driver
Description : Microsoft ACPI Driver
State : Running

Name : AcpiPmi
Path : C:\Windows\system32\drivers\acpipmi.sys
Service Type : Kernel Driver
Description : ACPI Power Meter Driver
State : Stopped

Name : adp94xx
Path : C:\Windows\system32\drivers\adp94xx.sys
Service Type : Kernel Driver
Description : adp94xx
State : Stopped

Name : adpahci
Path : C:\Windows\system32\drivers\adpahci.sys
Service Type : Kernel Driver
Description : adpahci
State : Stopped

Name : adpu320
Path : C:\Windows\system32\drivers\adpu320.sys
Service Type : Kernel Driver
Description : adpu320
State : Stopped

Name : AFD
Path : C:\Windows\system32\drivers\afd.sys
Service Type : Kernel Driver
Description : Ancillary Function Driver for Winsock
State : Running

Name : agp440
Path : C:\Windows\system32\drivers\agp440.sys
Service Type : Kernel Driver
Description : Intel AGP Bus Filter
State : Stopped

Name : aliide
Path : C:\Windows\system32\drivers\aliide.sys
Service Type : Kernel Driver
Description : aliide
State : Stopped

Name : amdide
Path : C:\Windows\system32\drivers\amdide.sys
Service Type : Kernel Driver
Description : amdide
State : Stopped

Name : AmdK8
Path : C:\Windows\system32\drivers\amdk8.sys
Service Type : Kernel Driver
Description : AMD K8 Processor Driver
State : Stopped

Name : AmdPPM
Path : C:\Windows\system32\drivers\amdppm.sys
Service Type : Kernel Driver
Description : AMD Processor Driver
State : Stopped

Name : amdsata
Path : C:\Windows\system32\drivers\amdsata.sys
Service Type : Kernel Driver
Description : amdsata
State : Stopped

Name : amdsbs
Path : C:\Windows\system32\drivers\amdsbs.sys
Service Type : Kernel Driver
Description : amdsbs
State : Stopped

Name : amdxata
Path : C:\Windows\system32\drivers\amdxata.sys
Service Type : Kernel Driver
Description : amdxata
State : Running

Name : AppID
Path : C:\Windows\system32\drivers\appid.sys
Service Type : Kernel Driver
Description : AppID Driver
State : Stopped

Name : arc
Path : C:\Windows\system32\drivers\arc.sys
Service Type : Kernel Driver
Description : arc
State : Stopped

Name : arcsas
Path : C:\Windows\system32\drivers\arcsas.sys
Service Type : Kernel Driver
Description : arcsas
State : Stopped

Name : AsyncMac
Path : C:\Windows\system32\DRIVERS\asyncmac.sys
Service Type : Kernel Driver
Description : RAS Asynchronous Media Driver
State : Stopped

Name : atapi
Path : C:\Windows\system32\drivers\atapi.sys
Service Type : Kernel Driver
Description : IDE Channel
State : Running

Name : b06bdrv
Path : C:\Windows\system32\drivers\bxvbda.sys
Service Type : Kernel Driver
Description : Broadcom NetXtreme II VBD
State : Stopped

Name : b57nd60a
Path : C:\Windows\system32\DRIVERS\b57nd60a.sys
Service Type : Kernel Driver
Description : Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
State : Stopped

Name : Beep
Path : C:\Windows\system32\drivers\Beep.sys
Service Type : Kernel Driver
Description : Beep
State : Stopped

Name : blbdrive
Path : C:\Windows\system32\DRIVERS\blbdrive.sys
Service Type : Kernel Driver
Description : blbdrive
State : Running

Name : bowser
Path : C:\Windows\system32\DRIVERS\bowser.sys
Service Type : File System Driver
Description : Browser Support Driver
State : Running

Name : BrFiltLo
Path : C:\Windows\system32\drivers\BrFiltLo.sys
Service Type : Kernel Driver
Description : Brother USB Mass-Storage Lower Filter Driver
State : Stopped

Name : BrFiltUp
Path : C:\Windows\system32\drivers\BrFiltUp.sys
Service Type : Kernel Driver
Description : Brother USB Mass-Storage Upper Filter Driver
State : Stopped

Name : Brserid
Path : C:\Windows\system32\Drivers\Brserid.sys
Service Type : Kernel Driver
Description : Brother MFC Serial Port Interface Driver (WDM)
State : Stopped

Name : BrSerWdm
Path : C:\Windows\system32\Drivers\BrSerWdm.sys
Service Type : Kernel Driver
Description : Brother WDM Serial driver
State : Stopped

Name : BrUsbMdm
Path : C:\Windows\system32\Drivers\BrUsbMdm.sys
Service Type : Kernel Driver
Description : Brother MFC USB Fax Only Modem
State : Stopped

Name : BrUsbSer
Path : C:\Windows\system32\Drivers\BrUsbSer.sys
Service Type : Kernel Driver
Description : Brother MFC USB Serial WDM Driver
State : Stopped

Name : cdfs
Path : C:\Windows\system32\DRIVERS\cdfs.sys
Service Type : File System Driver
Description : CD/DVD File System Reader
State : Stopped

Name : cdrom
Path : C:\Windows\system32\DRIVERS\cdrom.sys
Service Type : Kernel Driver
Description : CD-ROM Driver
State : Stopped

Name : CLFS
Path : C:\Windows\system32\CLFS.sys
Service Type : Kernel Driver
Description : Common Log (CLFS)
State : Running

Name : CmBatt
Path : C:\Windows\system32\DRIVERS\CmBatt.sys
Service Type : Kernel Driver
Description : Microsoft AC Adapter Driver
State : Stopped

Name : cmdide
Path : C:\Windows\system32\drivers\cmdide.sys
Service Type : Kernel Driver
Description : cmdide
State : Stopped

Name : CNG
Path : C:\Windows\system32\Drivers\cng.sys
Service Type : Kernel Driver
Description : CNG
State : Running

Name : Compbatt
Path : C:\Windows\system32\DRIVERS\compbatt.sys
Service Type : Kernel Driver
Description : Microsoft Composite Battery Driver
State : Running

Name : CompositeBus
Path : C:\Windows\system32\DRIVERS\CompositeBus.sys
Service Type : Kernel Driver
Description : Composite Bus Enumerator Driver
State : Running

Name : crcdisk
Path : C:\Windows\system32\drivers\crcdisk.sys
Service Type : Kernel Driver
Description : Crcdisk Filter Driver
State : Stopped

Name : DfsC
Path : C:\Windows\system32\Drivers\dfsc.sys
Service Type : File System Driver
Description : DFS Namespace Client Driver
State : Running

Name : discache
Path : C:\Windows\system32\drivers\discache.sys
Service Type : Kernel Driver
Description : System Attribute Cache
State : Running

Name : Disk
Path : C:\Windows\system32\drivers\disk.sys
Service Type : Kernel Driver
Description : Disk Driver
State : Running

Name : dmvsc
Path : C:\Windows\system32\drivers\dmvsc.sys
Service Type : Kernel Driver
Description : dmvsc
State : Stopped

Name : drmkaud
Path : C:\Windows\system32\drivers\drmkaud.sys
Service Type : Kernel Driver
Description : Microsoft Trusted Audio Drivers
State : Stopped

Name : DXGKrnl
Path : C:\Windows\system32\drivers\dxgkrnl.sys
Service Type : Kernel Driver
Description : LDDM Graphics Subsystem
State : Stopped

Name : E1G60
Path : C:\Windows\system32\DRIVERS\E1G6032E.sys
Service Type : Kernel Driver
Description : Intel(R) PRO/1000 NDIS 6 Adapter Driver
State : Running

Name : ebdrv
Path : C:\Windows\system32\drivers\evbda.sys
Service Type : Kernel Driver
Description : Broadcom NetXtreme II 10 GigE VBD
State : Stopped

Name : elxstor
Path : C:\Windows\system32\drivers\elxstor.sys
Service Type : Kernel Driver
Description : elxstor
State : Stopped

Name : ErrDev
Path : C:\Windows\system32\drivers\errdev.sys
Service Type : Kernel Driver
Description : Microsoft Hardware Error Device Driver
State : Stopped

Name : exfat
Path : C:\Windows\system32\drivers\exfat.sys
Service Type : File System Driver
Description : exFAT File System Driver
State : Stopped

Name : fastfat
Path : C:\Windows\system32\drivers\fastfat.sys
Service Type : File System Driver
Description : FAT12/16/32 File System Driver
State : Stopped

Name : fdc
Path : C:\Windows\system32\DRIVERS\fdc.sys
Service Type : Kernel Driver
Description : Floppy Disk Controller Driver
State : Running

Name : FileInfo
Path : C:\Windows\system32\drivers\fileinfo.sys
Service Type : File System Driver
Description : File Information FS MiniFilter
State : Stopped

Name : Filetrace
Path : C:\Windows\system32\drivers\filetrace.sys
Service Type : File System Driver
Description : Filetrace
State : Stopped

Name : flpydisk
Path : C:\Windows\system32\DRIVERS\flpydisk.sys
Service Type : Kernel Driver
Description : Floppy Disk Driver
State : Stopped

Name : FltMgr
Path : C:\Windows\system32\drivers\fltmgr.sys
Service Type : File System Driver
Description : FltMgr
State : Running

Name : FsDepends
Path : C:\Windows\system32\drivers\FsDepends.sys
Service Type : File System Driver
Description : File System Dependency Minifilter
State : Stopped

Name : gagp30kx
Path : C:\Windows\system32\drivers\gagp30kx.sys
Service Type : Kernel Driver
Description : Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
State : Stopped

Name : HdAudAddService
Path : C:\Windows\system32\drivers\HdAudio.sys
Service Type : Kernel Driver
Description : Microsoft 1.1 UAA Function Driver for High Definition Audio Service
State : Running

Name : HDAudBus
Path : C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Type : Kernel Driver
Description : Microsoft UAA Bus Driver for High Definition Audio
State : Running

Name : HidBatt
Path : C:\Windows\system32\drivers\HidBatt.sys
Service Type : Kernel Driver
Description : HID UPS Battery Driver
State : Stopped

Name : HidUsb
Path : C:\Windows\system32\DRIVERS\hidusb.sys
Service Type : Kernel Driver
Description : Microsoft HID Class Driver
State : Running

Name : HpSAMD
Path : C:\Windows\system32\drivers\HpSAMD.sys
Service Type : Kernel Driver
Description : HpSAMD
State : Stopped

Name : HTTP
Path : C:\Windows\system32\drivers\HTTP.sys
Service Type : Kernel Driver
Description : HTTP
State : Running

Name : hwpolicy
Path : C:\Windows\system32\drivers\hwpolicy.sys
Service Type : Kernel Driver
Description : Hardware Policy Driver
State : Running

Name : i8042prt
Path : C:\Windows\system32\DRIVERS\i8042prt.sys
Service Type : Kernel Driver
Description : i8042 Keyboard and PS/2 Mouse Port Driver
State : Running

Name : iaStorV
Path : C:\Windows\system32\drivers\iaStorV.sys
Service Type : Kernel Driver
Description : iaStorV
State : Stopped

Name : iirsp
Path : C:\Windows\system32\drivers\iirsp.sys
Service Type : Kernel Driver
Description : iirsp
State : Stopped

Name : intelide
Path : C:\Windows\system32\drivers\intelide.sys
Service Type : Kernel Driver
Description : intelide
State : Running

Name : intelppm
Path : C:\Windows\system32\DRIVERS\intelppm.sys
Service Type : Kernel Driver
Description : Intel Processor Driver
State : Running

Name : ioatdma
Path : C:\Windows\system32\Drivers\qd260x64.sys
Service Type : Kernel Driver
Description : Intel(R) QuickData Technology Device
State : Stopped

Name : IpFilterDriver
Path : C:\Windows\system32\DRIVERS\ipfltdrv.sys
Service Type : Kernel Driver
Description : IP Traffic Filter Driver
State : Stopped

Name : IPMIDRV
Path : C:\Windows\system32\drivers\IPMIDrv.sys
Service Type : Kernel Driver
Description : IPMIDRV
State : Stopped

Name : IPNAT
Path : C:\Windows\system32\drivers\ipnat.sys
Service Type : Kernel Driver
Description : IP Network Address Translator
State : Stopped

Name : isapnp
Path : C:\Windows\system32\drivers\isapnp.sys
Service Type : Kernel Driver
Description : isapnp
State : Stopped

Name : iScsiPrt
Path : C:\Windows\system32\drivers\msiscsi.sys
Service Type : Kernel Driver
Description : iScsiPort Driver
State : Stopped

Name : kbdclass
Path : C:\Windows\system32\DRIVERS\kbdclass.sys
Service Type : Kernel Driver
Description : Keyboard Class Driver
State : Running

Name : kbdhid
Path : C:\Windows\system32\drivers\kbdhid.sys
Service Type : Kernel Driver
Description : Keyboard HID Driver
State : Stopped

Name : KSecDD
Path : C:\Windows\system32\Drivers\ksecdd.sys
Service Type : Kernel Driver
Description : KSecDD
State : Running

Name : KSecPkg
Path : C:\Windows\system32\Drivers\ksecpkg.sys
Service Type : Kernel Driver
Description : KSecPkg
State : Running

Name : ksthunk
Path : C:\Windows\system32\drivers\ksthunk.sys
Service Type : Kernel Driver
Description : Kernel Streaming Thunks
State : Running

Name : lltdio
Path : C:\Windows\system32\DRIVERS\lltdio.sys
Service Type : Kernel Driver
Description : Link-Layer Topology Discovery Mapper I/O Driver
State : Running

Name : LSI_FC
Path : C:\Windows\system32\drivers\lsi_fc.sys
Service Type : Kernel Driver
Description : LSI_FC
State : Stopped

Name : LSI_SAS
Path : C:\Windows\system32\drivers\lsi_sas.sys
Service Type : Kernel Driver
Description : LSI_SAS
State : Stopped

Name : LSI_SAS2
Path : C:\Windows\system32\drivers\lsi_sas2.sys
Service Type : Kernel Driver
Description : LSI_SAS2
State : Stopped

Name : LSI_SCSI
Path : C:\Windows\system32\drivers\lsi_scsi.sys
Service Type : Kernel Driver
Description : LSI_SCSI
State : Stopped

Name : luafv
Path : C:\Windows\system32\drivers\luafv.sys
Service Type : File System Driver
Description : UAC File Virtualization
State : Running

Name : megasas
Path : C:\Windows\system32\drivers\megasas.sys
Service Type : Kernel Driver
Description : megasas
State : Stopped

Name : MegaSR
Path : C:\Windows\system32\drivers\MegaSR.sys
Service Type : Kernel Driver
Description : MegaSR
State : Stopped

Name : Modem
Path : C:\Windows\system32\drivers\modem.sys
Service Type : Kernel Driver
Description : Modem
State : Stopped

Name : monitor
Path : C:\Windows\system32\DRIVERS\monitor.sys
Service Type : Kernel Driver
Description : Microsoft Monitor Class Function Driver Service
State : Running

Name : mouclass
Path : C:\Windows\system32\DRIVERS\mouclass.sys
Service Type : Kernel Driver
Description : Mouse Class Driver
State : Running

Name : mouhid
Path : C:\Windows\system32\DRIVERS\mouhid.sys
Service Type : Kernel Driver
Description : Mouse HID Driver
State : Running

Name : mountmgr
Path : C:\Windows\system32\drivers\mountmgr.sys
Service Type : Kernel Driver
Description : Mount Point Manager
State : Running

Name : mpio
Path : C:\Windows\system32\drivers\mpio.sys
Service Type : Kernel Driver
Description : mpio
State : Stopped

Name : mpsdrv
Path : C:\Windows\system32\drivers\mpsdrv.sys
Service Type : Kernel Driver
Description : Windows Firewall Authorization Driver
State : Running

Name : mrxsmb
Path : C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Type : File System Driver
Description : SMB MiniRedirector Wrapper and Engine
State : Running

Name : mrxsmb10
Path : C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Type : File System Driver
Description : SMB 1.x MiniRedirector
State : Running

Name : mrxsmb20
Path : C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Type : File System Driver
Description : SMB 2.0 MiniRedirector
State : Running

Name : msahci
Path : C:\Windows\system32\drivers\msahci.sys
Service Type : Kernel Driver
Description : msahci
State : Stopped

Name : msdsm
Path : C:\Windows\system32\drivers\msdsm.sys
Service Type : Kernel Driver
Description : msdsm
State : Stopped

Name : Msfs
Path : C:\Windows\system32\drivers\Msfs.sys
Service Type : File System Driver
Description : Msfs
State : Running

Name : mshidkmdf
Path : C:\Windows\system32\drivers\mshidkmdf.sys
Service Type : Kernel Driver
Description : Pass-through HID to KMDF Filter Driver
State : Stopped

Name : msisadrv
Path : C:\Windows\system32\drivers\msisadrv.sys
Service Type : Kernel Driver
Description : msisadrv
State : Running

Name : MSKSSRV
Path : C:\Windows\system32\drivers\MSKSSRV.sys
Service Type : Kernel Driver
Description : Microsoft Streaming Service Proxy
State : Stopped

Name : MSPCLOCK
Path : C:\Windows\system32\drivers\MSPCLOCK.sys
Service Type : Kernel Driver
Description : Microsoft Streaming Clock Proxy
State : Stopped

Name : MSPQM
Path : C:\Windows\system32\drivers\MSPQM.sys
Service Type : Kernel Driver
Description : Microsoft Streaming Quality Manager Proxy
State : Stopped

Name : MsRPC
Path : C:\Windows\system32\drivers\MsRPC.sys
Service Type : Kernel Driver
Description : MsRPC
State : Stopped

Name : mssmbios
Path : C:\Windows\system32\DRIVERS\mssmbios.sys
Service Type : Kernel Driver
Description : Microsoft System Management BIOS Driver
State : Running

Name : MSTEE
Path : C:\Windows\system32\drivers\MSTEE.sys
Service Type : Kernel Driver
Description : Microsoft Streaming Tee/Sink-to-Sink Converter
State : Stopped

Name : MTConfig
Path : C:\Windows\system32\drivers\MTConfig.sys
Service Type : Kernel Driver
Description : Microsoft Input Configuration Driver
State : Stopped

Name : Mup
Path : C:\Windows\system32\Drivers\mup.sys
Service Type : File System Driver
Description : Mup
State : Running

Name : NDIS
Path : C:\Windows\system32\drivers\ndis.sys
Service Type : Kernel Driver
Description : NDIS System Driver
State : Running

Name : NdisCap
Path : C:\Windows\system32\DRIVERS\ndiscap.sys
Service Type : Kernel Driver
Description : NDIS Capture LightWeight Filter
State : Stopped

Name : NdisTapi
Path : C:\Windows\system32\DRIVERS\ndistapi.sys
Service Type : Kernel Driver
Description : Remote Access NDIS TAPI Driver
State : Running

Name : Ndisuio
Path : C:\Windows\system32\DRIVERS\ndisuio.sys
Service Type : Kernel Driver
Description : NDIS Usermode I/O Protocol
State : Stopped

Name : NdisWan
Path : C:\Windows\system32\DRIVERS\ndiswan.sys
Service Type : Kernel Driver
Description : Remote Access NDIS WAN Driver
State : Running

Name : NDProxy
Path : C:\Windows\system32\drivers\NDProxy.sys
Service Type : Kernel Driver
Description : NDIS Proxy
State : Running

Name : NetBIOS
Path : C:\Windows\system32\DRIVERS\netbios.sys
Service Type : File System Driver
Description : NetBIOS Interface
State : Running

Name : NetBT
Path : C:\Windows\system32\DRIVERS\netbt.sys
Service Type : Kernel Driver
Description : NetBT
State : Running

Name : nfrd960
Path : C:\Windows\system32\drivers\nfrd960.sys
Service Type : Kernel Driver
Description : nfrd960
State : Stopped

Name : Npfs
Path : C:\Windows\system32\drivers\Npfs.sys
Service Type : File System Driver
Description : Npfs
State : Running

Name : nsiproxy
Path : C:\Windows\system32\drivers\nsiproxy.sys
Service Type : Kernel Driver
Description : NSI proxy service driver.
State : Running

Name : Ntfs
Path : C:\Windows\system32\drivers\Ntfs.sys
Service Type : File System Driver
Description : Ntfs
State : Running

Name : Null
Path : C:\Windows\system32\drivers\Null.sys
Service Type : Kernel Driver
Description : Null
State : Running

Name : nvraid
Path : C:\Windows\system32\drivers\nvraid.sys
Service Type : Kernel Driver
Description : nvraid
State : Stopped

Name : nvstor
Path : C:\Windows\system32\drivers\nvstor.sys
Service Type : Kernel Driver
Description : nvstor
State : Stopped

Name : nv_agp
Path : C:\Windows\system32\drivers\nv_agp.sys
Service Type : Kernel Driver
Description : NVIDIA nForce AGP Bus Filter
State : Stopped

Name : ohci1394
Path : C:\Windows\system32\drivers\ohci1394.sys
Service Type : Kernel Driver
Description : 1394 OHCI Compliant Host Controller (Legacy)
State : Stopped

Name : Parport
Path : C:\Windows\system32\drivers\parport.sys
Service Type : Kernel Driver
Description : Parallel port driver
State : Stopped

Name : partmgr
Path : C:\Windows\system32\drivers\partmgr.sys
Service Type : Kernel Driver
Description : Partition Manager
State : Running

Name : pci
Path : C:\Windows\system32\drivers\pci.sys
Service Type : Kernel Driver
Description : PCI Bus Driver
State : Running

Name : pciide
Path : C:\Windows\system32\drivers\pciide.sys
Service Type : Kernel Driver
Description : pciide
State : Stopped

Name : pcmcia
Path : C:\Windows\system32\drivers\pcmcia.sys
Service Type : Kernel Driver
Description : pcmcia
State : Stopped

Name : pcw
Path : C:\Windows\system32\drivers\pcw.sys
Service Type : Kernel Driver
Description : Performance Counters for Windows Driver
State : Running

Name : PEAUTH
Path : C:\Windows\system32\drivers\peauth.sys
Service Type : Kernel Driver
Description : PEAUTH
State : Running

Name : PptpMiniport
Path : C:\Windows\system32\DRIVERS\raspptp.sys
Service Type : Kernel Driver
Description : WAN Miniport (PPTP)
State : Running

Name : Processor
Path : C:\Windows\system32\drivers\processr.sys
Service Type : Kernel Driver
Description : Processor Driver
State : Stopped

Name : Psched
Path : C:\Windows\system32\DRIVERS\pacer.sys
Service Type : Kernel Driver
Description : QoS Packet Scheduler
State : Running

Name : ql2300
Path : C:\Windows\system32\drivers\ql2300.sys
Service Type : Kernel Driver
Description : ql2300
State : Stopped

Name : ql40xx
Path : C:\Windows\system32\drivers\ql40xx.sys
Service Type : Kernel Driver
Description : ql40xx
State : Stopped

Name : RasAcd
Path : C:\Windows\system32\DRIVERS\rasacd.sys
Service Type : Kernel Driver
Description : Remote Access Auto Connection Driver
State : Stopped

Name : RasAgileVpn
Path : C:\Windows\system32\DRIVERS\AgileVpn.sys
Service Type : Kernel Driver
Description : WAN Miniport (IKEv2)
State : Running

Name : Rasl2tp
Path : C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Type : Kernel Driver
Description : WAN Miniport (L2TP)
State : Running

Name : RasPppoe
Path : C:\Windows\system32\DRIVERS\raspppoe.sys
Service Type : Kernel Driver
Description : Remote Access PPPOE Driver
State : Running

Name : RasSstp
Path : C:\Windows\system32\DRIVERS\rassstp.sys
Service Type : Kernel Driver
Description : WAN Miniport (SSTP)
State : Running

Name : rdbss
Path : C:\Windows\system32\DRIVERS\rdbss.sys
Service Type : File System Driver
Description : Redirected Buffering Sub Sysytem
State : Running

Name : rdpbus
Path : C:\Windows\system32\DRIVERS\rdpbus.sys
Service Type : Kernel Driver
Description : Remote Desktop Device Redirector Bus Driver
State : Running

Name : RDPCDD
Path : C:\Windows\system32\DRIVERS\RDPCDD.sys
Service Type : Kernel Driver
Description : RDPCDD
State : Running

Name : RDPDR
Path : C:\Windows\system32\drivers\rdpdr.sys
Service Type : Kernel Driver
Description : Terminal Server Device Redirector Driver
State : Running

Name : RDPENCDD
Path : C:\Windows\system32\drivers\rdpencdd.sys
Service Type : Kernel Driver
Description : RDP Encoder Mirror Driver
State : Running

Name : RDPREFMP
Path : C:\Windows\system32\drivers\rdprefmp.sys
Service Type : Kernel Driver
Description : Reflector Display Driver used to gain access to graphics data
State : Running

Name : RDPWD
Path : C:\Windows\system32\drivers\RDPWD.sys
Service Type : Kernel Driver
Description : RDP Winstation Driver
State : Running

Name : rspndr
Path : C:\Windows\system32\DRIVERS\rspndr.sys
Service Type : Kernel Driver
Description : Link-Layer Topology Discovery Responder
State : Running

Name : s3cap
Path : C:\Windows\system32\drivers\vms3cap.sys
Service Type : Kernel Driver
Description : s3cap
State : Stopped

Name : sacdrv
Path : C:\Windows\system32\DRIVERS\sacdrv.sys
Service Type : Kernel Driver
Description : sacdrv
State : Stopped

Name : sbp2port
Path : C:\Windows\system32\drivers\sbp2port.sys
Service Type : Kernel Driver
Description : sbp2port
State : Stopped

Name : scfilter
Path : C:\Windows\system32\DRIVERS\scfilter.sys
Service Type : Kernel Driver
Description : Smart card PnP Class Filter Driver
State : Stopped

Name : secdrv
Path : C:\Windows\system32\drivers\secdrv.sys
Service Type : Kernel Driver
Description : Security Driver
State : Running

Name : Serenum
Path : C:\Windows\system32\DRIVERS\serenum.sys
Service Type : Kernel Driver
Description : Serenum Filter Driver
State : Running

Name : Serial
Path : C:\Windows\system32\DRIVERS\serial.sys
Service Type : Kernel Driver
Description : Serial port driver
State : Running

Name : sermouse
Path : C:\Windows\system32\drivers\sermouse.sys
Service Type : Kernel Driver
Description : Serial Mouse Driver
State : Stopped

Name : sffdisk
Path : C:\Windows\system32\drivers\sffdisk.sys
Service Type : Kernel Driver
Description : SFF Storage Class Driver
State : Stopped

Name : sffp_mmc
Path : C:\Windows\system32\drivers\sffp_mmc.sys
Service Type : Kernel Driver
Description : SFF Storage Protocol Driver for MMC
State : Stopped

Name : sffp_sd
Path : C:\Windows\system32\drivers\sffp_sd.sys
Service Type : Kernel Driver
Description : SFF Storage Protocol Driver for SDBus
State : Stopped

Name : sfloppy
Path : C:\Windows\system32\drivers\sfloppy.sys
Service Type : Kernel Driver
Description : High-Capacity Floppy Disk Drive
State : Stopped

Name : SiSRaid2
Path : C:\Windows\system32\drivers\SiSRaid2.sys
Service Type : Kernel Driver
Description : SiSRaid2
State : Stopped

Name : SiSRaid4
Path : C:\Windows\system32\drivers\sisraid4.sys
Service Type : Kernel Driver
Description : SiSRaid4
State : Stopped

Name : Smb
Path : C:\Windows\system32\DRIVERS\smb.sys
Service Type : Kernel Driver
Description : Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
State : Stopped

Name : spldr
Path : C:\Windows\system32\drivers\spldr.sys
Service Type : Kernel Driver
Description : Security Processor Loader Driver
State : Running

Name : srv
Path : C:\Windows\system32\DRIVERS\srv.sys
Service Type : File System Driver
Description : Server SMB 1.xxx Driver
State : Running

Name : srv2
Path : C:\Windows\system32\DRIVERS\srv2.sys
Service Type : File System Driver
Description : Server SMB 2.xxx Driver
State : Running

Name : srvnet
Path : C:\Windows\system32\DRIVERS\srvnet.sys
Service Type : File System Driver
Description : srvnet
State : Running

Name : stexstor
Path : C:\Windows\system32\drivers\stexstor.sys
Service Type : Kernel Driver
Description : stexstor
State : Stopped

Name : storflt
Path : C:\Windows\system32\drivers\vmstorfl.sys
Service Type : Kernel Driver
Description : Disk Virtual Machine Bus Acceleration Filter Driver
State : Running

Name : storvsc
Path : C:\Windows\system32\drivers\storvsc.sys
Service Type : Kernel Driver
Description : storvsc
State : Stopped

Name : storvsp
Path : C:\Windows\system32\drivers\storvsp.sys
Service Type : Kernel Driver
Description : storvsp
State : Stopped

Name : swenum
Path : C:\Windows\system32\DRIVERS\swenum.sys
Service Type : Kernel Driver
Description : Software Bus Driver
State : Running

Name : Tcpip
Path : C:\Windows\system32\drivers\tcpip.sys
Service Type : Kernel Driver
Description : TCP/IP Protocol Driver
State : Running

Name : TCPIP6
Path : C:\Windows\system32\DRIVERS\tcpip.sys
Service Type : Kernel Driver
Description : Microsoft IPv6 Protocol Driver
State : Stopped

Name : tcpipreg
Path : C:\Windows\system32\drivers\tcpipreg.sys
Service Type : Kernel Driver
Description : TCP/IP Registry Compatibility
State : Running

Name : TDPIPE
Path : C:\Windows\system32\drivers\tdpipe.sys
Service Type : Kernel Driver
Description : TDPIPE
State : Stopped

Name : TDTCP
Path : C:\Windows\system32\drivers\tdtcp.sys
Service Type : Kernel Driver
Description : TDTCP
State : Running

Name : tdx
Path : C:\Windows\system32\DRIVERS\tdx.sys
Service Type : Kernel Driver
Description : NetIO Legacy TDI Support Driver
State : Running

Name : TermDD
Path : C:\Windows\system32\DRIVERS\termdd.sys
Service Type : Kernel Driver
Description : Terminal Device Driver
State : Running

Name : tssecsrv
Path : C:\Windows\system32\DRIVERS\tssecsrv.sys
Service Type : Kernel Driver
Description : Remote Desktop Services Security Filter Driver
State : Running

Name : TsUsbFlt
Path : C:\Windows\system32\drivers\tsusbflt.sys
Service Type : Kernel Driver
Description : TsUsbFlt
State : Stopped

Name : TsUsbGD
Path : C:\Windows\system32\drivers\TsUsbGD.sys
Service Type : Kernel Driver
Description : Remote Desktop Generic USB Device
State : Stopped

Name : tunnel
Path : C:\Windows\system32\DRIVERS\tunnel.sys
Service Type : Kernel Driver
Description : Microsoft Tunnel Miniport Adapter Driver
State : Running

Name : uagp35
Path : C:\Windows\system32\drivers\uagp35.sys
Service Type : Kernel Driver
Description : Microsoft AGPv3.5 Filter
State : Stopped

Name : udfs
Path : C:\Windows\system32\DRIVERS\udfs.sys
Service Type : File System Driver
Description : udfs
State : Stopped

Name : uliagpkx
Path : C:\Windows\system32\drivers\uliagpkx.sys
Service Type : Kernel Driver
Description : Uli AGP Bus Filter
State : Stopped

Name : umbus
Path : C:\Windows\system32\DRIVERS\umbus.sys
Service Type : Kernel Driver
Description : UMBus Enumerator Driver
State : Running

Name : UmPass
Path : C:\Windows\system32\drivers\umpass.sys
Service Type : Kernel Driver
Description : Microsoft UMPass Driver
State : Stopped

Name : usbccgp
Path : C:\Windows\system32\drivers\usbccgp.sys
Service Type : Kernel Driver
Description : Microsoft USB Generic Parent Driver
State : Stopped

Name : usbehci
Path : C:\Windows\system32\DRIVERS\usbehci.sys
Service Type : Kernel Driver
Description : Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
State : Running

Name : usbhub
Path : C:\Windows\system32\DRIVERS\usbhub.sys
Service Type : Kernel Driver
Description : Microsoft USB Standard Hub Driver
State : Running

Name : usbohci
Path : C:\Windows\system32\drivers\usbohci.sys
Service Type : Kernel Driver
Description : Microsoft USB Open Host Controller Miniport Driver
State : Stopped

Name : usbprint
Path : C:\Windows\system32\drivers\usbprint.sys
Service Type : Kernel Driver
Description : Microsoft USB PRINTER Class
State : Stopped

Name : USBSTOR
Path : C:\Windows\system32\drivers\USBSTOR.SYS
Service Type : Kernel Driver
Description : USB Mass Storage Driver
State : Stopped

Name : usbuhci
Path : C:\Windows\system32\DRIVERS\usbuhci.sys
Service Type : Kernel Driver
Description : Microsoft USB Universal Host Controller Miniport Driver
State : Running

Name : VBoxGuest
Path : C:\Windows\system32\DRIVERS\VBoxGuest.sys
Service Type : Kernel Driver
Description : VirtualBox Guest Driver
State : Running

Name : VBoxMouse
Path : C:\Windows\system32\DRIVERS\VBoxMouse.sys
Service Type : Kernel Driver
Description : VirtualBox Guest Mouse Service
State : Running

Name : VBoxSF
Path : C:\Windows\system32\drivers\VBoxSF.sys
Service Type : File System Driver
Description : VirtualBox Shared Folders
State : Stopped

Name : VBoxVideo
Path : C:\Windows\system32\DRIVERS\VBoxVideo.sys
Service Type : Kernel Driver
Description : VBoxVideo
State : Stopped

Name : vdrvroot
Path : C:\Windows\system32\drivers\vdrvroot.sys
Service Type : Kernel Driver
Description : Microsoft Virtual Drive Enumerator Driver
State : Running

Name : vga
Path : C:\Windows\system32\DRIVERS\vgapnp.sys
Service Type : Kernel Driver
Description : vga
State : Running

Name : VgaSave
Path : C:\Windows\system32\drivers\vga.sys
Service Type : Kernel Driver
Description : VgaSave
State : Running

Name : vhdmp
Path : C:\Windows\system32\drivers\vhdmp.sys
Service Type : Kernel Driver
Description : vhdmp
State : Stopped

Name : viaide
Path : C:\Windows\system32\drivers\viaide.sys
Service Type : Kernel Driver
Description : viaide
State : Stopped

Name : Vid
Path : C:\Windows\system32\drivers\Vid.sys
Service Type : Kernel Driver
Description : Vid
State : Stopped

Name : vmbus
Path : C:\Windows\system32\drivers\vmbus.sys
Service Type : Kernel Driver
Description : vmbus
State : Stopped

Name : VMBusHID
Path : C:\Windows\system32\drivers\VMBusHID.sys
Service Type : Kernel Driver
Description : VMBusHID
State : Stopped

Name : volmgr
Path : C:\Windows\system32\drivers\volmgr.sys
Service Type : Kernel Driver
Description : Volume Manager Driver
State : Running

Name : volmgrx
Path : C:\Windows\system32\drivers\volmgrx.sys
Service Type : Kernel Driver
Description : Dynamic Volume Manager
State : Running

Name : volsnap
Path : C:\Windows\system32\drivers\volsnap.sys
Service Type : Kernel Driver
Description : Storage volumes
State : Running

Name : vsmraid
Path : C:\Windows\system32\drivers\vsmraid.sys
Service Type : Kernel Driver
Description : vsmraid
State : Stopped

Name : WacomPen
Path : C:\Windows\system32\drivers\wacompen.sys
Service Type : Kernel Driver
Description : Wacom Serial Pen HID Driver
State : Stopped

Name : WANARP
Path : C:\Windows\system32\DRIVERS\wanarp.sys
Service Type : Kernel Driver
Description : Remote Access IP ARP Driver
State : Stopped

Name : Wanarpv6
Path : C:\Windows\system32\DRIVERS\wanarp.sys
Service Type : Kernel Driver
Description : Remote Access IPv6 ARP Driver
State : Running

Name : Wd
Path : C:\Windows\system32\drivers\wd.sys
Service Type : Kernel Driver
Description : Wd
State : Stopped

Name : Wdf01000
Path : C:\Windows\system32\drivers\Wdf01000.sys
Service Type : Kernel Driver
Description : Kernel Mode Driver Frameworks service
State : Running

Name : WfpLwf
Path : C:\Windows\system32\DRIVERS\wfplwf.sys
Service Type : Kernel Driver
Description : WFP Lightweight Filter
State : Running

Name : WIMMount
Path : C:\Windows\system32\drivers\wimmount.sys
Service Type : File System Driver
Description : WIMMount
State : Stopped

Name : WmiAcpi
Path : C:\Windows\system32\drivers\wmiacpi.sys
Service Type : Kernel Driver
Description : Microsoft Windows Management Interface for ACPI
State : Stopped

Name : ws2ifsl
Path : C:\Windows\system32\drivers\ws2ifsl.sys
Service Type : Kernel Driver
Description : Winsock IFS Driver
State : Stopped

Name : WudfPf
Path : C:\Windows\system32\drivers\WudfPf.sys
Service Type : Kernel Driver
Description : User Mode Driver Frameworks Platform Driver
State : Stopped